Samsung Electronics is notifying a few of its clients of a data breach that uncovered their private data to an unauthorized particular person.
The corporate says that the cyberattack impacted solely clients who made purchases from the Samsung UK on-line retailer between July 1, 2019, and June 30, 2020.
Hacker exploits bug in third-party app
Samsung found the data breach two days in the past, on November 13, and decided that it was the results of a hacker exploiting a vulnerability in a third-party utility the corporate used.
No particulars have been offered concerning the security difficulty leveraged within the assault or the susceptible utility that enabled the attacker to entry Samsung buyer’s private data.
The notification to clients says that uncovered knowledge could embody names, telephone numbers, postal and e mail addresses. The corporate underlines that credentials or monetary data stays unaffected by the incident.
A Samsung spokesperson advised BleepingComputer that the corporate was not too long ago alerted of a cybersecurity incident that’s restricted to the UK area and doesn’t have an effect on knowledge belonging to clients within the U.S., workers, or retailers.
“We have been not too long ago alerted to a cybersecurity incident, which resulted in sure contact data of some Samsung UK e-store clients being unlawfully obtained. No monetary knowledge, reminiscent of financial institution or bank card particulars, or buyer passwords, have been impacted. The incident is restricted to the UK and doesn’t have an effect on U.S. clients, workers or retailer knowledge” – Samsung
The corporate has taken all crucial steps to deal with the security difficulty, the consultant advised BleepingComputer, including that the incident has additionally been reported to the UK’s Info Commissioner’s Workplace.
That is the third data breach Samsung has suffered in two years. The earlier one occurred in late July, 2022 – found on August 4, when hackers accessed and stole Samsung clients’ names, contacts and demographic data, dates of beginning, and product registration knowledge.
In March 2022, the knowledge extortion group Lapsus$ breached Samsung’s community and stole confidential data, together with supply code for Galaxy smartphones.
Samsung confirmed that “sure inside knowledge” had fallen into the fingers of an unauthorized get together after Lapsus$ leaked about 190GB of archived information together with an outline of the contents.
