Samsung, a global technology leader, recently confirmed a cybersecurity incident that resulted in the unauthorized access to some UK customers’ contact information. This data breach, however, did not involve any financial data or customer passwords.
A Brief Overview of the Incident
The cybersecurity incident had affected those who made purchases from Samsung’s UK online store, although the exact number of customers impacted remains undisclosed. This data breach was the result of a vulnerability in a third-party business application utilized by Samsung. As such, the information of certain customers who made transactions on Samsung’s e-commerce platform between July 1, 2019, and June 30, 2020, was exploited.
The data possibly accessed during the breach may include the customer’s name, phone number, address, and email address. Samsung, however, asserts that no financial data, such as bank or credit card details, or customer passwords, were affected by the breach.
Samsung’s Response to the Cybersecurity Incident
Upon becoming aware of the cybersecurity incident, Samsung took immediate action. A Samsung spokesperson said, “We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.”
In response to the incident, a spokesperson for the Information Commissioner’s Office confirmed that Samsung had informed them about the incident and they would be making inquiries.
As a result of the breach, customers should remain alert against potential phishing attempts or scams. Even though no financial information was compromised, personal information could be more valuable to criminals as they could use the information repeatedly to attack individuals.
Samsung’s Cybersecurity Incidents in the Past
This incident is not the first time Samsung suffered a data breach. Two previous instances occurred in late July 2022 and March 2022. In the July incident, hackers accessed and stole Samsung customers’ names, contacts, and demographic information, dates of birth, and product registration data.
In the March incident, the data extortion group Lapsus$ breached Samsung’s network and stole confidential information, including the source code for Galaxy-branded devices. Group hacked 190 gigabytes of data from the company’s systems.
Samsung clarified that the recent cybersecurity incident was limited to the UK and did not affect other customers, employees, or retailer data.
In April, Samsung employees were reported by local media as sharing confidential data with ChatGPT, opening up the data to OpenAI’s users. The corporation soon prohibited employees from using generative AI tools such as ChatGPT, Bing, or Google Bard.
In July of the same year, the company was victim to a cybersecurity incident that impacted its U.S. customers.
The Vulnerable Third-party Application
Although Samsung did not provide details about the security issue exploited in the attack or the vulnerable application that enabled the attacker to access customer’s personal information, it did confirm that a hacker exploited a vulnerability in a third-party application the company used.
Samsung’s Assurance of Resolving the Security Issue
Samsung assured that it had taken all necessary steps to address the security issue. The company reported the incident to the UK’s Information Commissioner’s Office and has been in contact with affected customers.
Although the recent cybersecurity incident at Samsung did not involve financial data, it does remind us of the importance of cybersecurity. It is crucial for organizations to thoroughly assess and secure their entire digital supply chain to mitigate such incidents. Furthermore, customers should remain vigilant against potential phishing attempts or scams, as personal information can be more valuable to criminals.
If you liked this article, we advise you to read our previous article about Ransomware Attack in Toronto Public Library . Follow us on Twitter and LinkedIn for more content.
Leave a Reply