Samsung confirms data breach affecting some UK customers

Samsung said it has taken ‘all necessary steps to resolve this security issue’ (Alamy/PA)
Samsung said it has taken ‘all necessary steps to resolve this security issue’ (Alamy/PA) Samsung said it has taken ‘all necessary steps to resolve this security issue’ (Alamy/PA)

Samsung has confirmed the personal contact information of some UK customers has been “unlawfully obtained” in a data breach.

The technology giant said no financial data, bank card details or customer passwords were involved, but in an email sent to affected customers the company said the data may include their name, phone number, address and email address.

The breach has affected some people who made purchases from Samsung UK’s online store, but the number of customers has not been disclosed.

In its message to affected customers, Samsung said it had seen an unauthorised individual exploit a vulnerability in a third-party business application the company uses, and, as a result, the information of certain customers who made purchases on Samsung’s e-commerce site between July 1 2019 and June 30 2020 was exploited.

“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained,” a Samsung spokesman said.

“No financial data, such as bank or credit card details, or customer passwords, were impacted.

“We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.”

In response to the incident, a spokesman for the Information Commissioner’s Office (ICO) said: “Samsung has made us aware of an incident and we will be making inquiries.”

Javvad Malik, lead security awareness advocate at cybersecurity firm KnowBe4, said: “It’s good that Samsung has responded and notified customers in a timely manner.

“Although it’s concerning that a vulnerability in a third-party application was exploited, it’s a reminder for organisations to thoroughly assess and secure their entire digital supply chain.

“Additionally, customers should remain vigilant against potential phishing attempts or scams that may arise as a result of this breach.

“While the focus is on the fact that no financial information was compromised, oftentimes personal information can be more valuable to criminals as they can use the information repeatedly to attack individuals, which is why continued user awareness training is key, because, as long as breaches continue to occur, individuals will remain the primary target of attack.”