Samsung admits hackers stole data from UK customers – find out if your details were included in latest breach
Samsung has confirmed that customers' data was stolen by hackers because of a year-long security breach
REUTERS
Samsung has confirmed that personal data from UK customers was accessed by hackers in a year-long security breach. If you treated yourself to a new phone, telly, or smartwatch from Samsung's online store between July 2019 and June 2020 – you could be impacted.
The South Korean company has confirmed no financial data, bank card details or customer passwords was taken during the data breach. However, data accessed by hackers could include your name, phone number, address and email address, Samsung has admitted.
Samsung has not disclosed the total number of people impacted in the year-long data breach, but it's emailing everyone whose data could've been accessed by the scammers. Check your inbox now to find out whether your data was accessed.
Hackers exploited a vulnerability in a third-party application used by Samsung to siphon information on certain customers who made purchases from its UK online store between July 1, 2019 and June 30, 2020.
That year-long period saw a number of critically adored smartphones from Samsung, including the Galaxy S10 and Galaxy S20. It also saw the launch of the first folding phones from the brand – the Galaxy Fold and Galaxy Z Flip.
Samsung's first-generation foldable, known as the Galaxy Fold, hit store shelves during the period when there was a security breach in the UK online store
SAMSUNG PRESS OFFICE
If you bought any of these models from the UK online store, it's possible your data was impacted in this breach.
"We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained," a Samsung spokesman said.
"No financial data, such as bank or credit card details, or customer passwords, were impacted. We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers."
Samsung reported the data breach to the UK’s Information Commissioner’s Office (ICO) when it became aware of the breach.
In response to the incident, an ICO spokesperson said: "Samsung has made us aware of an incident and we will be making inquiries."
Javvad Malik, lead security awareness advocate at cybersecurity firm KnowBe4, said: "It’s good that Samsung has responded and notified customers in a timely manner. Although it’s concerning that a vulnerability in a third-party application was exploited, it’s a reminder for organisations to thoroughly assess and secure their entire digital supply chain.
"Additionally, customers should remain vigilant against potential phishing attempts or scams that may arise as a result of this breach. While the focus is on the fact that no financial information was compromised, oftentimes personal information can be more valuable to criminals as they can use the information repeatedly to attack individuals, which is why continued user awareness training is key, because, as long as breaches continue to occur, individuals will remain the primary target of attack."
LATEST DEVELOPMENTS
If you made a purchase from the Samsung store during the July 2019 - June 2020 period but haven't received an email from the popular brand yet, it's highly likely that your details weren't stolen by criminals exploiting the security breach.
Additional reporting from Martyn Landi, PA Technology Correspondent
You may like
