As per Samsung, the data breach was a result of a vulnerability in a third-party business application.
Samsung has notified its customers in the United Kingdom that a data breach has exposed the personal information of thousands of individuals. The breach impacted customers who made purchases on the company’s UK online store between July 1, 2019, and June 30, 2020.
The company discovered the breach on November 13, 2023, and determined that an unauthorized individual exploited a vulnerability in a third-party business application to access customer data. Samsung has not disclosed the identity of the hacker.
The affected personal information may include names, addresses, phone numbers, and email addresses. Samsung has assured its customers that financial information and passwords were not accessed in this breach.
The email from Samsung to the impacted user said, “On 13 November 2023, it was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019, and June 20, 2020, was affected.”
It’s worth noting that Samsung confirmed to Hackread.com that only its UK customer base was affected by the data breach. Users in the United States, Canada, South Korea, and elsewhere have no cause for concern.
Samsung has reported the incident to authorities, including the UK’s Information Commissioner’s Office, responsible for enforcing the UK General Data Protection Regulation (UK GDPR).
This data breach is separate from the one that Samsung announced in September 2022, impacting only the company’s US customers. The incident resulted in the breach of private user data, including names, dates of birth, product registration data, demographic information, and contact numbers.
The latest announcement is not an isolated incident. Samsung has a history of being targeted by hackers due to its large-scale customer base, with over 992.4 million active Samsung smartphone owners in 2020. Previously, the South Korean technology giant was hacked by Lapsus$ hackers, who leaked the company’s source code online in March 2022.
Nevertheless, the latest Samsung data breach announcement is a reminder of the importance of protecting personal information. Consumers should take steps to protect themselves from identity theft and fraud, such as using strong passwords, avoiding phishing scams, and regularly reviewing their financial statements.