Samsung Discloses Data Breach a Month After Discovering It
Samsung didn’t recommend immediate action for affected customers but advised them to stay vigilant against unsolicited communications.
Late last week, Samsung apprised users of a “cybersecurity incident” that led to the compromise of the data of some of its customers. Samsung said the incident occurred in July and discovered it on August 4, 2022.
Samsung confirmed that customers’ personal information, including names, contact and demographic information, dates of birth, and product registration information, was breached and exfiltrated.
The electronics major clarified that the information stolen for each customer may vary and that the Social Security numbers or credit and debit card numbers remain unaffected. “This has been a tough year for Samsung, and it’s clear that damage caused by the Lapsus$ ransomware gang was far worse than initially thought,” Tiberium.io CEO Drew Perry told Spiceworks.
“This highlights that when it comes to ransomware, prevention is always better, and more cost-effective, than cure.”
The type of data that was breached suggests that the impacted customers could be targeted in phishing attacks. The electronic major didn’t recommend any immediate action for affected customers but advised them to stay vigilant against “any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information” and to “avoid clicking on links or downloading attachments from suspicious emails.”
See More: LastPass Hacked, Portion of Source Code Stolen Following a Developer Account Breach
Samsung is notifying all impacted customers. Although the electronics giant’s American division informed consumers one month after it learned of the incident, the South Korean arm of the corporation has already informed law enforcement and is working with a cybersecurity company.
“Considering that Samsung is one of the world’s leading technology companies, it is very concerning that it has taken the organization a month since discovering the breach to notify customers,” Perry added. “This will have essentially left critical customer data in the hands of criminals, and the victims would have had no reason to be on the lookout for suspicious activity and phishing scams.”
Earlier this year, in March, Samsung was also victimized by the Lapsus$ cyber extortion group, which stole and leaked 190 gigabytes of proprietary information. This includes source codes for devices, Trusted Applet (TA) used in hardware cryptography, binary encryption, access control; activation servers, algorithms for all biometric unlocking operations, and more.
Perry suggested the following: “For any customers that have been notified about the attack, it is time to update the passwords and enable multi-factor authentication on your online accounts and also be on high alert for phishing scams.”
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
MORE ON DATA BREACHES
