Samsung has admitted that hackers accessed the personal data of UK-based customers during a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokeswoman Chelsea Simpson, who represents the company through a third-party agency, said Samsung was “recently notified of a security incident” that “resulted in the illegal collection of certain contact details of certain Samsung online store customers in the UK Kingdom. .”
Samsung declined to answer further questions about the incident, such as how many customers were affected or how the hackers gained access to its internal systems.
In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an anonymous third-party business application to gain access to the personal details of customers who made purchases at a Samsung UK store between 1 July 2019 and 30 June 2020 .
In the letter, shared with X (formerly Twitter), Samsung said it didn’t discover the compromise until three years later, on November 13, 2023.
Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses and email addresses. “No financial data such as bank or credit card details or customer passwords were affected,” a Samsung spokesperson told TechCrunch, adding that the company had reported the issue to the UK’s Information Commissioner’s Office (ICO).
ICO spokeswoman Adele Burns confirmed to TechCrunch that the UK data protection regulator is aware of the incident and “will be investigating”.
This incident is the third data breach disclosed by Samsung in the past two years.
In September 2022, the company confirmed in a brief notice that attackers had accessed some information from some Samsung systems in the US, but declined to say how many customers were affected. Before that, in March 2022, Samsung confirmed that it had been breached after Lapsus$ hackers claimed to have obtained and leaked nearly 200 gigabytes of confidential data from the company’s systems, including source code for various technologies and algorithms for biometric functions unlocking.
