Samsung has confirmed a data breach affecting customers who made purchases on their UK online store between July 2019 and June 2020. The breach, discovered on November 13, resulted from a cyberattack exploiting a vulnerability in a third-party application, according to reports from Bleeping Computer.
While personal details such as names, phone numbers, postal and email addresses were compromised, Samsung assured that financial data and credentials remained untouched. The company has not disclosed specifics regarding the exploited security flaw or the vulnerable application that granted access to customer information.
Samsung has taken immediate measures to address the breach and has reported the incident to the UK’s Information Commissioner’s office. This marks the third breach incident affecting the tech giant in recent years.
Previously, in July 2023, hackers accessed and stole customer names, contacts, demographic details, dates of birth, and product registration data. A similar security lapse occurred in March 2023, where threat actors breached Samsung’s network and obtained confidential information, including the source code for Galaxy smartphones.
Additionally, Google’s bug bounty team released a report in March highlighting 18 zero-day vulnerabilities within Samsung’s Exynos chipsets. Of these, seven vulnerabilities could potentially enable threat actors to execute internet-to-baseband remote code.
