Samsung has admitted that hackers accessed the personal data of UK-based customers in a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokeswoman Chelsea Simpson, who represents the company through a third-party agency, said that Samsung was “recently alerted to a security incident” that “resulted in some contact information of some Samsung UK e-store customers was unlawfully obtained. .”
Samsung declined to answer further questions about the incident, such as how many customers were affected or how the hackers accessed its internal systems.
In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access customers’ personal information. purchased at a Samsung UK store between 1 July 2019 and 30 June 2020.
The letter, which is shared by X (formerly Twitter), Samsung said it did not discover the compromise until more than three years later, on November 13, 2023.
Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses, and email addresses. “No financial data, such as bank or credit card details or customer passwords, were affected,” a Samsung spokesperson told TechCrunch, adding that the company reported the issue to the Information Commissioner’s Office (ICO) in UK.
ICO spokeswoman Adele Burns confirmed to TechCrunch that the UK data protection regulator is aware of the incident and “will be making enquiries.”
This incident is the third data breach disclosed by Samsung in the last two years.
In September 2022, the company confirmed in a brief announcement that attackers had accessed some information from some Samsung systems in the US but declined to say how many customers were affected. Prior to this, in March 2022, Samsung confirmed that it had suffered a breach after Lapsus$ hackers claimed to have obtained and leaked nearly 200 gigabytes of confidential data from the company’s systems, including the source code for various technologies and algorithms for biometric unlocking operations.