• World CyberCon India
Data Breaches Firewall Daily

Samsung Confirms Data Breach Affecting Customers’ Personal Information

This is the second cyberattack on Samsung this year, the first being in March. Extortion group Lapsus$ claimed responsibility for the earlier data theft

Samsung Confirms Data Breach Affecting Customers’ Personal Information
  • PublishedSeptember 5, 2022

South Korean electronics giant Samsung confirmed that a data breach, which happened earlier this July, has impacted the information associated with its US customers and may have affected personal data such as name, contact and demographic information, date of birth, and product registration information. However, the company assured its users that their social security numbers and credit and debit card numbers had not been exposed to cyber attackers. The data breach at Samsung’s US systems was detected in late July 2022, following which the company investigated the incident. On August 4, the data breach was confirmed.

The company’s notice affirmed that the specifics of the data loss were not similar for all its impacted users. While for some users, it may have their contact details stolen, for others, it could be their demographic information. Moreover, Samsung has yet to release the exact number of users affected by the incident as the investigation continues. The attacker’s identity has also not been determined as the company is coordinating with law enforcement to get more information.

Emails to impacted users

According to the investigative reports, Samsung is emailing the impacted individuals to alert them about the incident. Those who have not received an email have most likely been unaffected by the breach. The company will also contact impacted individuals based on the forthcoming reports.

Past data theft at Samsung

This is the second cyberattack on Samsung this year, the first being in March. The extortion group Lapsus$ claimed responsibility for the earlier data theft on its Telegram channel. They stole about 190GB of data from the system of Samsung and leaked it as proof.

 

Impacted information in the previous data breach at Samsung

While the user information was not stolen in the last incident, sensitive information, such as the source code for trusted applets installed in Samsung’s TrustZone environment, was impacted. Moreover, this incident affected the algorithm for all biometric unlock operations and bootloader source code for Samsung devices.

Samsung’s message to the customers

The company requested customers to check their credit reports and asked them not to respond to any unknown communication or share information owing to suspicious communications from outside agents or entities. The official note also urged users not to click on links to unknown messages as they may contain data-stealing malware. They further asked users to report any suspicious activity on their accounts.

Samsung assured that their devices and other products and services provided by Samsung were now safe from hackers’ access. The customers have also been given access to one free credit report per year from all three credit reporting agencies, as per US law. This is used to assure them of their financial safety.

Written By
Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.