South Korean electronics giant Samsung on Friday disclosed a data breach that may have potentially exposed some customers’ personal information in the United States.
In an email sent to customers, the company said its systems were compromised in late July 2022, which was discovered by them on or around August 4, 2022.
During their ongoing investigation, Samsung found that an unauthorized third party had acquired the personal information of its customers from some of Samsung’s U.S. systems and exfiltrated it out of its network. However, no consumer devices and in-app control interfaces were affected.
Samsung also noted that the data leaked for each relevant customer may vary. In some cases, that information may include details such as name, contact and demographic information, date of birth, and product registration information. However, no Social Security numbers or credit and debit card numbers were impacted due to the data breach.
In response to the incident, the company has already taken action to secure the impacted systems. It has also engaged cybersecurity experts to investigate the incident and is coordinating with law enforcement. Additionally, it is notifying affected customers to make them aware of this matter. Those who were not impacted by the data breach may not receive an email from Samsung.
“We are committed to protecting the security and privacy of our customers. We have engaged leading cybersecurity experts and are coordinating with law enforcement. We will continue to work diligently to develop and implement immediate and longer-term next steps to further enhance the security across our systems,” the company wrote in the email sent to customers.
“At Samsung, we value the trust our customers place in our products and services – trust that we have built up over many years. By working with industry-leading experts, we will further enhance the security of our systems – and our customers’ personal information – and work to maintain the trust our customers have put into the Samsung brand for more than 40 years.
“We regret any inconvenience this may cause our valued customers and appreciate their trust in us.”
Samsung has created a dedicated FAQ page to provide more information on the incident, which includes actions taken by the company, credit report, privacy policy, and so on.
Based on its ongoing investigation, customers have no necessary immediate action to do for any of Samsung’s platforms in order to mitigate the potential impacts of the incident. However, the company is still recommending its impacted users to:
- Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information
- Avoid clicking on links or downloading attachments from suspicious emails
- Review your accounts for suspicious activity
It’s not immediately clear how many customers are affected by the data breach.
This is the second time Samsung has confirmed a data breach this year. In March, LAPSUS$, a hacking group that stole Nvidia Corp.’s networks, claimed that it had hacked the system of Samsung Electronics Co. and stolen a huge trove of sensitive data. It also leaked up to 190 gigabytes of its data and source code online as proof of the hack.
Back then, a spokesperson for Samsung confirmed that it did suffer a cybersecurity breach that resulted in the exposure of internal company data. However, it said no personal data of customers or its employees were accessed by the hackers.
“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said.
“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
