Sezzle - FInTech Tracker - September 2023

Report: Samsung Discloses Year-Long Data Breach in UK Store


Samsung has reportedly disclosed a year-long breach of its systems, which resulted in unauthorized access to the personal data of customers who made purchases at its U.K. store.

The breach occurred between July 1, 2019, and June 30, 2020, but Samsung only discovered it on Nov. 13, TechCrunch reported Thursday (Nov. 16), citing a letter sent by the technology company to customers that was shared on X.

Reached for comment, a Samsung spokesperson told PYMNTS in an email: “We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted.

“We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers,” the statement said.

The letter from Samsung to affected customers said that hackers exploited a vulnerability in a third-party business application to gain access to personal information, according to the report. The compromised data included names, phone numbers, postal addresses and email addresses.

This incident marks the third data breach that Samsung has disclosed in the past two years, according to the TechCrunch report. In September 2022, Samsung confirmed a data breach in its U.S. systems. In March 2022, Samsung said it had suffered a breach after hackers claimed to have obtained and leaked confidential data, including source code and algorithms for biometric unlock operations.

The news of the data breach at Samsung comes three days after it was reported that there was a data breach at Michigan-based healthcare provider McLaren Health Care. That incident compromised the personal and health information of about 2.2 million patients and involved a ransomware gang gaining unauthorized access to McLaren’s systems for three weeks in July and August.

In another incident earlier this year, it was reported that hackers stole data from several users of the file transfer tool MOVEit Transfe. Software maker Progress Software revealed a vulnerability, said it could lead to potential unauthorized access into users’ systems and reported that the company had made fixes available since discovering the vulnerability in May.