Samsung Admits U.K. Data Breach: Customer Information Compromised in Year-Long Hack


Samsung has acknowledged a security breach that exposed the personal data of its U.K.-based customers over a year-long period. A spokesperson for the company, Chelsea Simpson, disclosed the incident in a statement to TechCrunch, revealing that Samsung had been “recently alerted to a security incident” resulting in the unauthorized acquisition of specific contact information belonging to some Samsung U.K. e-store customers.

Despite the acknowledgment, Samsung refrained from providing additional details about the breach, declining to answer queries about the number of affected customers or the method used by hackers to infiltrate its internal systems.

In an apology letter sent to impacted customers, Samsung confessed that attackers had exploited a vulnerability in an unspecified third-party business application. This breach exposed the personal details of customers who had made purchases at Samsung U.K.’s store between July 1, 2019, and June 30, 2020. The revelation came more than three years after the compromise, with Samsung only discovering the breach on November 13, 2023.

The compromised information included customers’ names, phone numbers, postal addresses, and email addresses. However, Samsung assured customers that sensitive financial data, such as bank or credit card details and passwords, remained unaffected. The company promptly reported the incident to the U.K.’s Information Commissioner’s Office (ICO), as confirmed by Samsung’s spokesperson. ICO spokesperson Adele Burns acknowledged the regulator’s awareness of the incident and stated that they would be initiating inquiries.

This marks the third data breach disclosed by Samsung in the past two years. In September 2022, the company acknowledged a breach of its U.S. systems without specifying the number of affected customers. In March 2022, Samsung confirmed another breach after the Lapsus$ hacking group claimed to have accessed and leaked nearly 200 gigabytes of confidential data, including source code for various technologies and algorithms related to biometric unlock operations.