Facepalm: Samsung is informing its UK clients of a security breach that affected the company's systems for almost a year. The criminals were able to access customers' personal data, but Samsung hasn't provided further details beyond this statement.
Between July 1, 2019, and June 30, 2020, UK customers who purchased Samsung gear through the company's official e-commerce stores had their data compromised by an "unauthorized individual." Samsung discovered the breach on November 13, 2023, confirming that the unknown hackers were able to access its systems by exploiting a security vulnerability in a third-party business application the company uses.
The hackers had access to "some" personal information from an unspecified number of users for a year, Samsung states in its email. According to the company's own investigation, the compromised data "may" include a customer's name, phone number, home address, and email address. Passwords or "financial" information such as bank or credit card details were unaffected, the Korean corporation says.
The new cyber-security incident was limited to the UK region, Samsung confirmed, while customers, employees, retailers and other parties in the US and elsewhere in the world should be safe this time. Soon after discovering the breach, Samsung reported the incident to the UK's Information Commissioner's Office.
An ICO spokesperson confirmed that the consumer electronics giant had reported the issue to the UK's data protection agency, and that ICO investigators are now "making inquiries." Both Samsung Electronics representatives and ICO have provided no further details about a data breach that could have affected a significant number of UK citizens.
Samsung's recent history with security breaches is concerning, as this is the third major incident suffered by the company in the past few years. In September 2022, the Korean corporation said that hackers were able to access some information from its US systems.
A third incident affected the company in March 2022, after Lapsus$ hackers leaked almost 200 gigabytes of confidential data taken from Samsung's servers. The huge trove of data included source code for various technology components belonging to Galaxy smartphones, algorithms for biometric unlock methods, and more. Samsung confirmed that "certain internal data" had been "stolen" by unauthorized parties.