Samsung has admitted that unknown attackers managed to gain unauthorized access to the personal data of its customers in the UK. In addition, the attackers retained access for a year.
Chelsea Simpson, who represents Samsung through a third-party agency, said the source TechCrunchwhich company “We were recently made aware of a security incident <..>which resulted in illegal access to certain contact information of some Samsung online store customers in the UK.”. Samsung declined to provide further details of the incident, including the number of customers affected or how the hackers were able to gain access to its internal systems.
In a letter to affected customers, the company admitted that attackers exploited a vulnerability in a third-party business application and gained access to the personal information of customers who made purchases in the UK section of Samsung’s online store between July 1, 2019 and 2019 had made on June 30, 2020. It was only more than three years later – on November 13, 2023 – that the Korean manufacturer managed to discover the hacker attack on the system. Hackers were able to gain access to customer names, phone numbers, postal addresses and email addresses. The attackers failed to steal financial data, including bank card details and customer passwords, the Samsung representative stressed, adding that the company had informed the UK Information Commissioner’s Office (ICO) about the problem – the regulator will “investigate” this carry out”. Fact.
This is the third time Samsung systems have been hacked by cybercriminals in the last two years. In March 2022, Lapsus$ hackers stole approximately 200 GB of data, including source codes for various technological solutions, such as the biometric unlocking algorithm. In September of the same year, hackers gained access to data from some Samsung departments in the USA – at the time, the company also refused to disclose the number of customers affected.