
Samsung exposes personal information in recent data breach

 


Author: Dušan Trojanović / Last Updated: 9/19/2022

Reviewed By: Dalibor Gašić & Michael Swanagan, CISSP, CISA, CISM


Summary Of The Attack

 

  • Samsung experienced a data breach back in late July and discovered the intrusion in early August.
  • Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.
  • A proposed class action accuses Samsung of not warning customers of the breach in a reasonable amount of time.
  • Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. Samsung claims that neither social security numbers nor credit or debit card information was accessed.
  • Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.


 

 

What Happened?

 

Samsung experienced a data breach back in late July and discovered the incident in early August.

 

Cyber attacks can typically go undetected for weeks or months, and the companies involved would be wise to make these incidents public, lest they face legal ramifications, as Samsung is about to.

 

The case, which was submitted to the U.S. District Court for Nevada, claims that Samsung neglected its duty as a collector of personal information by failing to notify impacted customers in a timely manner, waiting until September to do so.

What Was The Impact?

 

Samsung disclosed a data breach that it discovered on or about the 4th of August that compromised the personal data of more than 3,000 customers.

 

Several Samsung US systems were compromised in late July 2022 after information was obtained by an unauthorized party.

 

Samsung stated that they determined through ongoing investigation that the personal information of certain customers was affected.

 

Samsung claims that it found out about the breach after conducting an investigation. The issue raised by the complaint, though, is that Samsung didn’t contact its affected customers until the following month.


Personally Identifiable Information Exposed

 

Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. The company noted that the affected information varied by customer.

 

Although Samsung claims that neither social security numbers nor credit or debit card information was accessed, the extent of the data that was compromised is alarming.

 


 

In its privacy policy, Samsung’s data breach notice includes a vague mention of demographic information that was stolen by the hackers.

 

Samsung mentioned that it collects this unspecified demographic information to help deliver the best experience possible with its products and services, which is another way of saying targeted advertising.

 

Cybercriminals may be interested in the stolen data for subsequent phishing attacks. The company warned customers not to click on links in suspicious emails or open unsolicited messages.


Samsung Experienced A Breach In March 2022

 

In March, Samsung experienced yet another serious security breach that exposed sensitive corporate information, including the source code for its Galaxy smartphone line.

 

The company then clarified that while some source code related to the operation of Galaxy devices was compromised, neither customer nor employee personal data was exposed.

 

Although the precise number of people affected is still unknown, the March hack was thought to have exposed 190GB of user data.

Why Did Samsung Wait To Disclose The Breach?

 

It is unclear why Samsung would wait until September to inform its customers if the breach was discovered sometime around the 4th of August.

 

According to the company, it began sending emails earlier this month to consumers whose personal information had been taken.

 

Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.

 

Samsung released a new privacy statement and reported a data breach on the same day. The updated policy now clearly indicates that, with the user’s permission, Samsung may use a customer’s precise geolocation for marketing and advertising.

 

Additionally, the revised policy clearly specifies how long Samsung keeps user-shared data from the Quick Share feature. Samsung claims it might compile the materials you share, which will be accessible for three days.

 


Dušan Trojanović

Dušan is a Senior Security Engineer actively working as a penetration tester in DevSecOps projects. He is also an avid security researcher bringing forward analysis on the latest attacks and techniques.
