Samsung Data Breach Exposes Personal Information of UK Customers

In a public statement, Samsung recently became aware of a cyber intrusion into its UK online store, which occurred between July 1, 2019, and June 30, 2020. This breach led to the theft of customer data from Samsung’s UK online store.

The incident appears somewhat enigmatic, firstly because the intrusion precisely spanned one year, and secondly, because Samsung only now became aware of the breach.

Data breach at @Samsung: https://t.co/j3JXFvYrfp

— Troy Hunt (@troyhunt) November 15, 2023

While Samsung has issued a statement, it has refrained from specifying the number of affected users. However, it revealed that the hackers exploited a vulnerability in a third-party commercial program used by Samsung, indicating that the online store’s software had a flaw that the hackers identified and exploited.

As for the compromised customer information, it includes names, phone numbers, home/shipping addresses, and email addresses. Samsung emphasized that customers’ financial data, such as bank accounts, credit card numbers, and passwords, were not compromised.

Due to regulatory reasons, Samsung is obliged to report the data breach to the UK Information Commissioner’s Office (ICO). Failure to report or concealment of the data breach by Samsung could result in substantial fines.

The UK Information Commissioner’s Office is currently aware of the incident and has stated that it will conduct an investigation.