Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.
Hacker exploits bug in third-party app
Samsung discovered the data breach two days ago, on November 13, and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used.
No details have been provided about the security issue leveraged in the attack or the vulnerable application that enabled the attacker to access Samsung customer's personal information.
The notification to customers says that exposed data may include names, phone numbers, postal and email addresses. The company underlines that credentials or financial information remains unaffected by the incident.
A Samsung spokesperson told BleepingComputer that the company was recently alerted of a cybersecurity incident that is limited to the UK region and does not affect data belonging to customers in the U.S., employees, or retailers.
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect U.S. customers, employees or retailer data” - Samsung
The company has taken all necessary steps to address the security issue, the representative told BleepingComputer, adding that the incident has also been reported to the UK’s Information Commissioner’s Office.
This is the third data breach Samsung has suffered in two years. The previous one occurred samsung breach impacting store customers
