An “unauthorized third party” was able to access information from “certain Samsung systems in the US,” the Korean group announced on Sept. 2. The incident occurred at the end of July 2022 and was discovered at the beginning of August 2022, he added. Since then, “measures” have been taken to secure the affected systems, involving an external cybersecurity company.
Name, date of birth, registration number…
This security incident is far from trivial as a third party managed to steal an unspecified amount of personal data belonging to Samsung customers. In an attempt to reassure, the company promises that Social Security and credit card numbers are kept. The attacker was still able to gain access to customer names, contact details, date of birth, and product registration information. “Relevant information for each customer may vary,” Samsung said.
Affected customers have been notified of this data breach. Additional notices may appear as the investigation progresses. However, Samsung advises all of its customers to be wary of phishing risks. Indeed, the data collected by the hackers can then be used for fraud, identity theft… Consumer devices would not be affected by this incident and can be used without additional precautions.
A few months ago, 190 GB of industrial data was stolen
For Samsung, this is the second blow in just a few months. Last March, the company confirmed to Bloomberg that it was a victim of the Lapsus$ group. Thus, 190 gigabytes of industry data was stolen, including the algorithms for all biometric unlock operations, the source code of the Galaxy bootloader, and the full source code of the technology used to authorize and authenticate Samsung accounts, including APIs and services.