Samsung US Says Customer Data Compromised in July Data Breach


Just before the Labor Day holiday weekend, electronics giant Samsung US announced that the personal information of some customers was compromised in a July data breach.

Just before the Labor Day holiday weekend, electronics giant Samsung US announced that the personal information of some customers was compromised in a July data breach.

As part of the incident, which was identified roughly a month ago, an unauthorized third party gained access to some of Samsung’s US systems and exfiltrated information stored on them.

Although it had determined that the personal information of some of its customers was compromised in the attack, Samsung took nearly a month to disclose the incident publicly.

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” Samsung said in a September 2 notice.

The attackers, the company said, accessed information such as names, birth dates, contact information, demographic data, and product registration information. Social Security numbers and credit card details were not impacted in the attack.

“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter,” Samsung said.

The electronics giants also said that it took the necessary actions to secure the affected systems and that it has been working on improving the security of its systems to prevent similar incidents.

What Samsung did not say, however, was how many individuals were impacted and whether corporate data was also exfiltrated in the attack. No details on how the threat actors gained access to Samsung’s systems were provided either.

SecurityWeek emailed Samsung for additional clarification on the incident and will update this article as soon as a reply arrives.

This is the second data breach that Samsung has disclosed in 2022. In March, the company confirmed it fell victim to the Lapsus$ ransomware gang in an attack that resulted in Samsung source code being leaked online.


By Ionut Arghire on Tue, 06 Sep 2022 06:46:28 +0000
Original link