Samsung has admitted that hackers accessed the non-public knowledge of U.Okay.-based clients throughout a year-long breach of its techniques.
In a press release to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the corporate through a third-party company, stated Samsung was “not too long ago alerted to a safety incident” that “resulted in sure contact data of some Samsung U.Okay. e-store clients being unlawfully obtained.”
Samsung declined to reply additional questions concerning the incident, equivalent to what number of clients have been affected or how hackers accessed its inside techniques.
In a letter despatched to affected clients, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party enterprise utility to entry the non-public data of shoppers who made purchases at Samsung U.Okay.’s retailer between July 1, 2019 and June 30, 2020.
The letter, which was shared on X (previously Twitter), Samsung stated it didn’t uncover the compromise till greater than three years later, on November 13, 2023.
Samsung informed affected clients that hackers might have accessed their names, telephone numbers, postal addresses, and e mail addresses. “No monetary knowledge, equivalent to financial institution or bank card particulars or buyer passwords, have been impacted,” Samsung’s spokesperson informed TechCrunch, including that the corporate had reported the problem to the U.Okay.’s Data Commissioner’s Workplace (ICO).
ICO spokesperson Adele Burns confirmed to TechCrunch that the U.Okay. knowledge safety regulator is conscious of the incident and “will likely be making enquiries.”
This incident is the third knowledge breach that Samsung has disclosed previously two years.
In September 2022, the corporate confirmed in a quick discover that attackers had accessed some data from a few of Samsung’s U.S. techniques however declined to say what number of clients have been affected. Previous to this, in March 2022, Samsung confirmed that it had suffered a breach after Lapsus$ hackers claimed to have obtained and leaked virtually 200 gigabytes of confidential knowledge from the corporate’s techniques, together with supply code for varied applied sciences and algorithms for biometric unlock operations.