Samsung Admits to Year-Long Data Breach Affecting UK Customers
A Cybersecurity Nightmare for Samsung: A Year-Long Breach Exposed
In a shocking revelation, Samsung has acknowledged that hackers gained unauthorized access to the personal data of its U.K.-based customers during a year-long breach of its systems. The company’s admission comes after a lengthy investigation and marks the third data breach disclosed by Samsung in the past two years.
A Statement from Samsung
According to a statement provided to TechCrunch, Samsung spokesperson Chelsea Simpson revealed that the company was "recently alerted to a security incident" that resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained. The statement further emphasized that the breach occurred between July 1, 2019, and June 30, 2020.
A Third-Party Business Application to Blame
Samsung declined to provide additional details about the incident, including the number of affected customers or how hackers gained access to its internal systems. However, in a letter sent to impacted customers, Samsung revealed that attackers exploited a vulnerability in an unnamed third-party business application to access sensitive customer information.
The Scope of the Breach
In the letter shared on X (formerly Twitter), Samsung stated that hackers may have accessed customers’ names, phone numbers, postal addresses, and email addresses. Notably, the company emphasized that no financial data, such as bank or credit card details, and no customer passwords were compromised during the breach.
A Delayed Discovery
Samsung’s spokesperson informed TechCrunch that the company didn’t discover the compromise until more than three years later, on November 13, 2023. This revelation raises questions about the effectiveness of Samsung’s internal security measures and its ability to detect potential breaches in a timely manner.
Reporting the Incident to Authorities
The U.K.’s Information Commissioner’s Office (ICO) has confirmed that it is aware of the incident and will be conducting an investigation. Adele Burns, ICO spokesperson, stated that the regulator "will be making enquiries" into the breach.
A Pattern of Repeated Breaches?
This latest data breach marks Samsung’s third disclosed incident in two years. In September 2022, the company confirmed in a brief notice that attackers had accessed some information from its U.S. systems. Prior to this, in March 2022, Samsung revealed that it had suffered a breach after Lapsus$ hackers claimed to have obtained and leaked almost 200 gigabytes of confidential data from the company’s systems.
Parsing the Breach Notice
The notice provided by Samsung raises several concerns regarding the company’s internal security measures. The fact that attackers exploited a vulnerability in a third-party business application highlights the importance of robust vendor management practices. Furthermore, the delayed discovery of the breach underscores the need for more effective incident response strategies and improved communication with customers.
Expert Analysis
The repeated breaches suffered by Samsung raise questions about the company’s commitment to cybersecurity and data protection. As the tech industry continues to grapple with the challenges of protecting sensitive information, it is imperative that companies prioritize robust security measures and transparency in their handling of customer data.
A Call for Action
In light of this incident, it is essential for consumers to remain vigilant and monitor their personal data closely. Samsung must take immediate action to address the vulnerabilities exposed by this breach and ensure that its customers’ trust is not compromised. The ICO’s investigation will undoubtedly shed more light on the circumstances surrounding this incident, and it is crucial that Samsung cooperates fully with the regulator.
Conclusion
The year-long data breach affecting Samsung U.K.’s customers serves as a stark reminder of the ongoing threats to cybersecurity in the tech industry. As companies continue to navigate the complexities of protecting sensitive information, it is essential that they prioritize robust security measures and transparency in their handling of customer data.
About the Author:
Carly Page is a Senior Reporter at TechCrunch, where she covers the cybersecurity beat. She has spent more than a decade in the technology industry, writing for titles including Forbes, TechRadar, and WIRED.