Electronics Giant Samsung Confirms a Data Breach Affecting Personal Information of Customers

Samsung announced a data breach involving customers’ personal information, assuring that social security data of customers has’t been impacted. The company hired a law enforcement agency to secure its system. 

Samsung informed its users regarding a cybersecurity incident leading to the compromise of customers’ data. According to Samsung, the company suffered through a data breach in July and was discovered on August 4, 2022. Samsung confirmed the breaching and exfiltration of customers’ data, including names, demographic information, contacts, and product registration information. 

Samsung clarified that data stolen for each customer might vary. Furthermore, credit & debit cards and social security numbers remained unaffected. 

“This has been a tough year for Samsung, and it’s clear that damage caused by the Lapsus$ ransomware gang was far worse than initially thought,” Tiberium.io CEO Drew Perry told Spiceworks, “this highlights that when it comes to ransomware, prevention is always better, and more cost-effective, than cure.”

Stolen data suggests that phishing attacks can target impacted customers. Samsung didn’t recommend instant action for them but advised to stay vigilant regarding unsolicited communications, asking for their personal information by referring them to a webpage or requiring them to click on links and attachments. 

Samsung spokesperson Chris Langlois told TechCrunch through email via crisis communication Edelman that demographic data of customers was used for the sake of advertisement but didn’t specify the nature of the date. Moreover, Langlois didn’t comment on why Samsung didn’t notify customers immediately regarding the data breach. 

One month after they learned about the incident, the electronics’ American division informed the consumers. The South Korean army has already informed law enforcement and is sorting out this issue with a cybersecurity company’s help. 

In March, Samsung was also targeted by the Lapsus$ cyber extortion group, resulting in 190 gigabytes of proprietary information breach, including Trusted Applet (TA) used in hardware cryptography, devices’ source codes, binary encryption, algorithms for all biometric unlocking operations, and more.

Suggested Read: US Blocks Tornado Cash Investors for Money Laundering Risks & Links to Korean Hackers