South Korean chaebol Samsung on Friday said it experienced a
cybersecurity incident that resulted in the unauthorized access of
some customer information, the second time this year it has
reported such a breach.
“In late July 2022, an unauthorized third-party acquired
information from some of Samsung’s U.S. systems,” the company
disclosed[1]
in a notice. “On or around August 4, 2022, we determined through
our ongoing investigation that personal information of certain
customers was affected.”
Samsung said the infiltration enabled hackers to access certain
data such as names, contact and demographic information, dates of
birth, and product registration details.
It stressed that the incident did not affect users’ Social
Security numbers or credit and debit card numbers, but noted the
information leaked for each relevant customer may vary.
The collected information is necessary to help the company
deliver the best experience with its products and services, it
added. It’s unclear how many customers were affected or who was
behind the hack, and why it took almost a month for the company to
divulge the breach.
Aside from notifying users about the security event, Samsung
stated it has taken steps to secure the impacted systems and
engaged an outside cybersecurity firm to lead the response
efforts.
Furthermore, it’s urging users to be on guard against potential
social engineering attempts, avoid clicking on links or opening
attachments from unknown senders, and review their accounts for
potentially suspicious activity.
The announcement comes less than six months after Samsung
confirmed a similar incident. In March 2022, it revealed[2]
that internal data, including the source code related to its Galaxy
smartphones, was leaked in the aftermath of an attack staged by the
LAPSUS$ extortion gang.
Read more https://thehackernews.com/2022/09/samsung-admits-data-breach-that-exposed.html