Samsung Breach Leaks U.S. Customer Data

Samsung has confirmed a cyberattack on the company which led to attackers accessing some vital information belonging to attackers.

The company stated in its data breach notice that the hackers “in some cases” took customer names, contact, and demographic information, date of birth, and product registration information. The company’s notice however indicate that while not every Samsung customer is affected, it remains unknown how much data was stolen in its data breach.

“In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” the company said in a notice.

The breach did not affect users’ Social Security numbers or credit and debit card numbers and the extent of information leaked for each customer varies.

The tech giant urge customers to be on guard against potential social engineering attempts, avoid clicking on links or operating attachments from unknown senders. Customers are also warned to review their accounts for potentially suspicious activity.

While alerting customers of the breach, Samsung has also shown decisive steps to secure the affected system and engage an outside cybersecurity firm to lead the response efforts.

Samsung action since the flaw was disclosed has raised several questions from experts. Following the disclosure, Samsung published a new privacy policy which many adjudged to be controversial.

According to the new policy, Samsung can use a customer’s “precise geolocation” for marketing and advertising with the user’s consent. The new policy also states how long Samsung stores data that users share from the Quick Share feature. Samsung says it may “collect the contents you share, which will remain available for 3 days.” The reason behind the controversial policy remains unknown.

The sources for this piece include an article in TheHackerNews.