In what has turned out to be a somewhat chaotic past few weeks in regard to large companies keeping user data safe from malicious attackers, Samsung is the latest tech giant to be targeted by attackers who are still unknown at the moment.
The South Korean giant joins messaging platform Signal and password manager LastPass as the latest casualty of data breaches. Samsung in an email to its users details information about a critical security breach that happened in July.
The company says they are working on the issue, however, the intrusion by the attackers into their database has potentially revealed some valuable and sensitive customer information.
In the said email, Samsung expounds that the security breach in its system has possibly resulted in the exposure of customers’ private information. The company also points out the attack took place in late July 2022, which puts the events of the attack just before the pre-orders for the Galaxy Fold 4 and Flip 4 were kickstarted.
“In late July 2022, an unauthorized party acquired information from some of Samsung’s U.S. systems. On or around August 4, we determined through our ongoing investigation that [the] personal information of certain customers was affected,” reads part of Samsung’s email.
While Samsung realized on August 4th that customer data might have been compromised, it is not clear why they waited for close to one month before they could relay the same information to their users. This might however be down to the company taking their time to assess what kind of information the attackers had laid their hands on and assessing what their next steps should be.
“We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement. We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary,” the statement continues.
Samsung’s statement seems to indicate only customers based in the USA were affected by the attack. But since the extent of the attack is still being assessed, the scope might change once everything becomes more clear and the dust settles.
Samsung, one of the biggest tech companies suffering a data breach, does not paint a good picture. To make matters worse, this is the second time the company has found itself under attack from a malicious group. Earlier in March, the South Korean giant admitted that the Lapsus$ hacking group obtained and leaked close to 200 GB of confidential data, including source code for a few of their technologies and algorithms for biometric unlock operations.
Lapsus$ is a notorious group and has also been identified in attacks targeting other big players in the tech space including Nvidia, Microsoft and T-Mobile.