Samsung data breach affects UK customers

Blames a vulnerability in the supply chain

South Korean consumer electronics giant Samsung Electronics has confirmed that hackers accessed its UK-based customers personal data during a year-long breach of its systems.

Samsung said an unnamed third party application was to blame for the breach. Hackers exploited the flaw to access the personal information of UK customers who bought products from Samsung's online store between 1st July 2019 and 30th June 2020.

Samsung confirmed in a letter that it only recently discovered the attack:

The company told us that, despite the attackers accessing data specifically from 2019 and 2020, the incident only took place recently. We have asked for clarification on dates.

In a letter to affected customers, the company said hackers may have accessed personal details including names, phone numbers, postal and email addresses.

Samsung spokesperson Chelsea Simpson told TechCrunch in a statement: "No financial data, such as bank or credit card details or customer passwords, were impacted."

Simpson added that the company has reported the issue to the UK's Information Commissioner's Office (ICO).

ICO spokesperson Adele Burns confirmed to TechCrunch that the regulator is aware of the incident and "will be making enquiries."

This is the third data breach Samsung has disclosed in the past two years.

In September 2022 the company confirmed that attackers accessed information from some of its US systems. However, it had declined to comment on the number of customers affected.

Prior to this, in March 2022, Samsung confirmed a breach after Lapsus$ hackers claimed to have obtained and leaked almost 200GB of confidential information from its systems.

This included source code for various technologies and algorithms for biometric unlock operations.