Samsung UK customers have been warned their data might have been compromised and exposed to an unauthorized third party.
The warning applies specifically to those who made purchases on the Samsung UK online store between July 1, 2019, and June 30, 2020.
Although it took years for the company to become aware of the attack, the most sensitive customer data, including payment information, is believed to be unaffected.
Samsung data breach
The hacker is believed to have exploited a vulnerability in a third-party app used by Samsung (via Bleeping Computer). It’s unclear precisely how the threat actor got their hands on the data, and whether the vulnerability remains unpatched to this day.
An email to customers reads: “On 13 November 2023, it was determined that an unauthorised individual exploited a vulnerability in a third-party business application we use, and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019, and June 30, 2020, was affected.”
The email adds that Samsung believes customer names, phone numbers, addresses, and email addresses could all have been exposed.
A company spokesperson confirmed to TechRadar Pro that the incident is limited to the UK, which means US customers, employees, and retailers have not been affected:
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted.”
Samsung also told us that it reported the data breach to the UK’s Information Commissioner’s Office and has communicated with affected customers, but did not go into much further detail about how the incident happened.
The period saw some of Samsung’s most notable phones on sale, including the Galaxy S10, Galaxy S20, Galaxy Fold, and Galaxy Z Flip, which means those buying these models directly from Samsung UK could be affected.