Article Details

Samsung UK discloses year-long breach, leaked customer data. Chaebol already the subject of suits for a pair of past indiscretions. The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach – the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that the breach exposing data of customers who made purchases between July 1, 2019 and June 30, 2020 was discovered on November 13. Samsung Electronics UK said an unauthorized individual exploited a vulnerability in a third-party business application used by the firm. Exposed information included names, phone numbers, plus physical and email addresses. Samsung previously acknowledged a nearly 200GB breach by extortion gang Lapsus in March 2022 that included internal information such as Galaxy smartphone source code. Only a few months passed before Samsung's US outpost reported another breach: a late July intrusion that targeted customer data. Samsung revealed that customers potentially had names, contact and demographic information, birth date and product registration information stolen, but not social security numbers. After the July 2022 hack, Samsung gave assurances that it had taken action to secure affected systems and that it was working with authorities. Despite such promises, the combination of the two cyber intrusions earned the chaebol a class action lawsuit in September 2022. The suit alleged Samsung unnecessarily collects personally identifiable information from its customers and subsequently fails to protect it. The lawsuit asserts that customers were forced into handing over their data or else functions and features on TVs and printers would be disabled. Samsung "was aware that the fraudsters and criminals who had access to the stolen source codes and authentication-related information (among other confidential data) could penetrate defendant's weak systems," argued the suit. The Register has sought comment from Samsung but had not received a response at the time of writing.