Samsung Confirms Year-Long Data Breach

Samsung has disclosed it recently discovered a “cybersecurity incident” that impacted customer’s personal data during a nearly year-long breach of its systems. 

In a letter to customers, which was shared on X (formerly Twitter), Samsung said U.K.-based customers who accessed its e-commerce site between July 1, 2019 and June 30, 2020, had their data compromised.

The company said attackers exploited a vulnerability in an unnamed third-party business application to access customer’s personal information, including their names, phone numbers, addresses and email addresses.

Samsung said the breach was not discovered until this November, three years after the incident seemingly ended.  

The incident marks the third data breach disclosed by Samsung in the past two years.

In March 2022 the company said it had been attacked by hacking group Lapsus$, which claimed to have leaked 190 gigabytes of data from the company’s systems, including source codes for its Galaxy-branded devices.

In July of the same year, the company was victim to a cybersecurity incident that impacted its U.S. customers.

In a statement, Samsung said an “unauthorized third party” acquired information from some of Samsung’s U.S. systems.

The company said the issue “did not impact Social Security numbers or credit and debit card numbers,” but in some cases, may have compromised personal data such as name, contact and demographic information, date of birth and product registration information.

Related:Boeing Cyberattack Highlights Need for Security Solutions

“We have taken actions to secure the affected systems,” the company said. “And [we] have engaged a leading outside cybersecurity firm and are coordinating with law enforcement.”