Samsung Electronics is notifying a few of its clients of a knowledge breach that uncovered their private info to an unauthorized particular person.
The corporate says that the cyberattack impacted solely clients who made purchases from the Samsung UK on-line retailer between July 1, 2019, and June 30, 2020.
Hacker exploits bug in third-party app
Samsung found the information breach two days in the past, on November 13, and decided that it was the results of a hacker exploiting a vulnerability in a third-party utility the corporate used.
No particulars have been offered concerning the safety challenge leveraged within the assault or the weak utility that enabled the attacker to entry Samsung buyer’s private info.
The notification to clients says that uncovered information could embody names, cellphone numbers, postal and electronic mail addresses. The corporate underlines that credentials or monetary info stays unaffected by the incident.
A Samsung spokesperson informed BleepingComputer that the corporate was just lately alerted of a cybersecurity incident that’s restricted to the UK area and doesn’t have an effect on information belonging to clients within the U.S., workers, or retailers.
“We had been just lately alerted to a cybersecurity incident, which resulted in sure contact info of some Samsung UK e-store clients being unlawfully obtained. No monetary information, akin to financial institution or bank card particulars, or buyer passwords, had been impacted. The incident is proscribed to the UK and doesn’t have an effect on U.S. clients, workers or retailer information” – Samsung
The corporate has taken all needed steps to handle the safety challenge, the consultant informed BleepingComputer, including that the incident has additionally been reported to the UK’s Info Commissioner’s Workplace.
That is the third information breach Samsung has suffered in two years. The earlier one occurred in late July, 2023 – found on August 4, when hackers accessed and stole Samsung clients’ names, contacts and demographic info, dates of beginning, and product registration information.
In March 2023, the information extortion group Lapsus$ breached Samsung’s community and stole confidential info, together with supply code for Galaxy smartphones.
Samsung confirmed that “sure inside information” had fallen into the fingers of an unauthorized occasion after Lapsus$ leaked about 190GB of archived recordsdata together with an outline of the contents.