If you are a Samsung user from the UK who made a purchase from the company’s UK online store anytime between July 1, 2019 and June 30, 2020, then your personal information is likely to have been exposed. Samsung, the global tech conglomerate, has found itself entangled in yet another data breach, one that occurred during the aforementioned period. This data breach marks the third incident in the last two years, signalling potential gaps in the company’s cybersecurity infrastructure. What is even more alarming is the fact, acknowledged by the company, that the data breach persisted for nearly a year.
On November 13, 2023, Samsung unearthed a data breach affecting customers who had made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020. The breach, according to the South Korea-headquartered enterprise, exposed critical personal information, including names, phone numbers, and postal and email addresses. It seems that the success of the year-long breach lies in the exploitation of a vulnerability within a third-party application, through which attackers were able to access the personal information of Samsung customers. Samsung itself remains tight-lipped about the specific application and the exact nature of the security loophole. With this development, questions loom regarding the underlying vulnerabilities in third-party integrations within Samsung’s digital ecosystem.
Customers affected by this breach can rest assured that their financial and credential data remains secure. Samsung has been quick to highlight that the breach exclusively jeopardizes personal information. Nonetheless, while this may alleviate some concerns, the exposure of names, phone numbers, and addresses raises broader questions about the efficacy of Samsung’s data protection measures.
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect U.S. customers, employees or retailer data,” a spokesperson for Samsung commented on the matter.
In response to the breach, Samsung has taken decisive action, both in addressing the security loophole and ensuring regulatory compliance. The company promptly reported the incident to the UK’s Information Commissioner’s Office in order to manage the fallout and rebuild customer trust in the company. Furthermore, the company communicated directly with the affected customers.
Still, the latest breach is not an isolated incident for Samsung; it’s part of a troubling pattern. In July 2022, hackers gained unauthorized access, pilfering customer names, contacts, demographic details, dates of birth, and product registration data. And in March of the same year, the hackers were able to steal confidential information after successfully breaching Samsung’s network. The recurrence of such data breaches highlights once again why Samsung must fortify its cybersecurity defenses against evolving threats.