In a recent incident, Samsung, the Korean phone manufacturer, has fallen victim to a data breach affecting numerous customers in the United Kingdom (UK). The breach, discovered on November 13 and disclosed later in the week, compromised the personal information of individuals who made purchases through the Samsung UK online store between July 1, 2019, and June 30, 2020.
Samsung, in a letter to its users subsequently shared on X, acknowledged that the attackers exploited a vulnerability in a third-party application used by the company for its business operations. While Samsung asserts that the breach did not expose passwords or financial data, it did compromise a significant amount of personal information, including names, phone numbers, email addresses, and home addresses.
In response to the security incident, Samsung promptly reported the breach to the UK’s Information Commissioner’s Office. Notably, this marks the third data breach incident for Samsung within a two-year period. In March 2022, the data extortion group Lapsus$ successfully breached Samsung’s network, gaining unauthorized access to confidential information, including the source code for Galaxy smartphones. This same hacking group targeted other prominent tech companies such as Nvidia and Microsoft, issuing threats to release the source code of their critical products. Some companies even had their data publicly exposed through Telegram channels.