Samsung confirms data breach affecting some UK customers
The tech giant said the contact information of some UK customers who made purchases from its online store have been accessed.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Samsung has confirmed the personal contact information of some UK customers has been “unlawfully obtained” in a data breach.
The technology giant said no financial data, bank card details or customer passwords were involved, but in an email sent to affected customers the company said the data may include their name, phone number, address and email address.
The breach has affected some people who made purchases from Samsung UK’s online store, but the number of customers has not been disclosed.
In its message to affected customers, Samsung said it had seen an unauthorised individual exploit a vulnerability in a third-party business application the company uses, and, as a result, the information of certain customers who made purchases on Samsung’s e-commerce site between July 1 2019 and June 30 2020 was exploited.
No financial data, such as bank or credit card details, or customer passwords, were impacted
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained,” a Samsung spokesman said.
“No financial data, such as bank or credit card details, or customer passwords, were impacted.
“We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.”
In response to the incident, a spokesman for the Information Commissioner’s Office (ICO) said: “Samsung has made us aware of an incident and we will be making inquiries.”
Javvad Malik, lead security awareness advocate at cybersecurity firm KnowBe4, said: “It’s good that Samsung has responded and notified customers in a timely manner.
It's a reminder for organisations to thoroughly assess and secure their entire digital supply chain
“Although it’s concerning that a vulnerability in a third-party application was exploited, it’s a reminder for organisations to thoroughly assess and secure their entire digital supply chain.
“Additionally, customers should remain vigilant against potential phishing attempts or scams that may arise as a result of this breach.
“While the focus is on the fact that no financial information was compromised, oftentimes personal information can be more valuable to criminals as they can use the information repeatedly to attack individuals, which is why continued user awareness training is key, because, as long as breaches continue to occur, individuals will remain the primary target of attack.”