Recent Cyber Attacks

Samsung Exposes Personal Information
In Recent Data Breach

April 27, 2024

Summary Of The Attack

Samsung experienced a data breach back in late July and discovered the intrusion in early August.
Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.
A proposed class action accuses Samsung of not warning customers of the breach in a reasonable amount of time.
Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. Although Samsung claims that neither social security numbers nor credit or debit card information was accessed.
Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.

What Happened?

Samsung experienced a data breach back in late July and discovered the incident in early August.

Cyber attacks can typically go undetected for weeks or months, and it would be wise for companies involved to make public these incidents, lest they face legal ramifications, as Samsung is about to.

The case, which was submitted to the U.S. District Court for Nevada, claims that Samsung neglected its duty as a collector of personal information by failing to notify impacted customers in a timely manner, until September.

What Was The Impact?

Samsung disclosed a data breach that it discovered on or about the 4th of August that compromised the personal data of more than 3,000 customers.

Several Samsung US systems were compromised in late July 2022 after information was obtained by an unauthorized party.

Samsung stated that they determined through ongoing investigation that the personal information of certain customers was affected.

Samsung claims that it found out about the breach after conducting an investigation. The issue raised by the complaint, though, is that Samsung didn’t contact its affected customers until the following month.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

Download Now

Personal Identifiable Information Exposed

Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. They observed that depending on the client, the information changed.

Although Samsung claims that neither social security numbers nor credit or debit card information was accessed, however, the extent of the data that was compromised is alarming.

In its privacy policy, Samsung’s data breach notice includes a vague mention of demographic information that was stolen by the hackers.

Samsung mentioned that it collects this unspecified demographic information to help deliver the best experience possible with its products and services, which is another way of expressing targeted advertising.

Cybercriminals may be interested in the stolen data for subsequent phishing assaults. The business warned clients not to click on links in shady emails or open unsolicited messages.

Samsung Experienced A Breach In March 2022

In March, Samsung experienced yet another serious security breach that exposed sensitive corporate information, including the source code for its Galaxy smartphone line.

The business then clarified that while some source code related to the operation of Galaxy devices was compromised, neither customer nor employee personal data was exposed.

Although the precise number of people affected is still unknown, the March hack was thought to have exposed 190GB of user data.

Why Did Samsung Wait To Disclose The Breach?

It is unclear why Samsung would wait until September to inform its customers if the breach was discovered sometime around the 4th of August.

According to the business, Samsung started sending emails to consumers whose personal information had been taken earlier this month.

Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.

Samsung released a new privacy statement and reported a data breach on the same day. The updated policy now clearly indicates that, with the user’s permission, Samsung may use a customer’s precise geolocation for marketing and advertising.

Additionally, the revised policy clearly specifies how long Samsung keeps user-shared data from the Quick Share feature. Samsung claims it might compile the materials you share, which will be accessible for three days.

Article by

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.