Cyberattack on Samsung’s UK Online Store Exposes Names, Phone Numbers, and Addresses
In a recent development, Samsung has fallen victim to yet another data breach, compromising the personal information of customers who made purchases from the company’s UK online store between July 1, 2019, and June 30, 2020. The breach, discovered by Samsung on November 13, 2023, revealed that names, phone numbers, postal addresses, and email addresses of affected customers were exposed.
The South Korean smartphone giant attributed the breach to a cyberattack that exploited a vulnerability in a third-party application. Although Samsung has not disclosed specific details about the exploited security flaw or the compromised application, the company assured its customers that credentials and financial information remain unaffected by the incident.
This marks the third data breach incident affecting Samsung in the past two years. In July 2023, hackers gained unauthorized access to customer data, including names, contacts, demographic information, dates of birth, and product registration data. Another breach occurred in March 2023, when threat actors infiltrated Samsung’s network, pilfering confidential information such as the source code for Galaxy smartphones.
While Samsung claims to have taken immediate steps to address the security issue, it remains unclear how many customers were impacted by the latest breach. The company has reported the incident to the UK’s Information Commissioner’s office, emphasizing its commitment to cooperating with regulatory authorities.
It is worth noting that this incident comes on the heels of a report from Google’s bug bounty team in the same month, which detailed 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. Seven of these vulnerabilities were identified as potential avenues for threat actors to execute remote code on the internet-to-baseband, further raising concerns about the overall security of Samsung’s systems.
As customers await further details on the breach and the security measures taken by Samsung, the incident underscores the growing challenges companies face in safeguarding customer data against persistent and evolving cyber threats.