Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Samsung Electronics has informed its customers about a data breach impacting those who shopped at the Samsung UK online store from July 1, 2019, to June 30, 2020.
This breach resulted in unauthorized access to personal information.
Breach Traced to Third-Party Application Vulnerability
Samsung traced the breach, discovered on November 13, back to a hacker who exploited a vulnerability in a third-party application they used. The specifics of the security flaw and the affected application have not been disclosed.
The data exposed includes:
- names,
- phone numbers,
- and postal and email addresses of customers.
Samsung assures customers that the breach did not affect any financial data or passwords.
Samsung Alert (Source)
Samsung’s Measures and Past Security Incidents
In a statement for BleepingComputer, a Samsung spokesperson said that the breach only affects the UK and does not impact U.S. customers, Samsung employees, or retailers.
The company has addressed the security issue and reported the incident to the UK’s Information Commissioner’s Office.
We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained.
No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect U.S. customers, employees or retailer data.
Samsung’s statement (Source)
This incident adds to Samsung’s recent history of data breaches. In July 2023, a breach exposed customer details like names and contact information.
In March 2022, the Lapsus$ group breached Samsung’s network, stealing confidential data including Galaxy smartphone source code.
Samsung acknowledges the loss of some internal data in these breaches, underscoring the ongoing challenges in maintaining cybersecurity.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
