A recent Samsung data breach has leaked the personal information of many customers in the United Kingdom (UK).
The Korean phone maker discovered the data breach on November 13 and revealed it earlier this week. According to Samsung, the attack exposed the personal information of customers who made purchases from the Samsung UK store online between July 1, 2019, and June 30, 2020.
— Michael Valentine (@KwyjiboUK) November 15, 2023
Samsung released a letter to its users which was shared on X soon afterward. It says that the attackers were able to exploit a vulnerability that existed in a third-party application Samsung used for its business.
The company assures that the attack did not expose any passwords or customer financial information, but the personal information of many was compromised. This included names, phone numbers, email addresses, and home addresses.
Samsung has responded to the security concern by reporting the incident to the UK’s Information Commissioner’s Office. This marks the third data breach experienced by Samsung within the span of two years.
In a late July 2022 breach, hackers successfully infiltrated Samsung’s system, pilfering customers’ names, contacts, demographic details, dates of birth, and product registration data. Samsung also assured back then that the attackers were not able to steal any financial information such as credit card numbers or Samsung Pay details.
Earlier in March 2022, the data extortion group Lapsus$ managed to breach Samsung’s network, gaining unauthorized access to confidential information, including the source code for Galaxy smartphones. The same hacker group also targeted other tech giants including Nvidia and Microsoft and threatened to release the source code of their key products. Some companies even had their data exposed publicly via Telegram channels.