Samsung suffered a new data breach

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual.

Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual.

The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Threat actors exploited a vulnerability in an unnamed third-party application used by the IT giant.

The company is notifying impacted customers. Exposed data may include names, phone numbers, and postal and email addresses.

The company pointed out that financial information remains unaffected by the incident.

“Dear Valued Customer,
At Samsung Electronics (UK) Limited, security is a top priority. We are emailing you to inform you that we recently discovered a cybersecurity incident that affected some of your personal information.
What happened? On 13 November 2023, it was determined that an unauthorised individual exploited a vulnerability in a third-party business application we use, and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019 and June 30, 2020, was affected.” reads the data breach notification sent to the customers. “What information was involved? Based on our investigation, we have identified that the affected data may have included your name, phone number, address and email address. We want to assure you that the issue did not impact your password or financial information.”

A Samsung spokesperson told BleepingComputer that the security breach is limited to the UK region and only impacted e-store customers. US customers were not impacted by the security breach.

This isn’t the first time Samsung has disclosed a data breach. In September, the electronics giant disclosed a data breach after some of its US systems were compromised in July.

The electronics giant discovered on August 4 that threat actors had gained access to its systems and exfiltrated customer personal information.

The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information. At the same time, Social Security or credit card numbers were not exposed in the security breach.

In March 2020, Samsung disclosed another data breach after it was hit by an attack conducted by the data extortion group Lapsus$.

Threat actors had access to internal company data, including the source code of Galaxy models.

The Lapsus$ gang claimed to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged Samsung data as proof of the hack.

The gang announced the availability of the sample data on its Telegram channel and shared a Torrent file to download it. They also shared an image of the source code included in the stolen data.

Stolen data includes confidential Samsung source code, including:

  • DEVICES/HARDWARE - Source code for every Trusted Applet (TA) installed on all Samsung device’s TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
  • Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we’re talking individual RX/TX bitstreams here).
  • Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
  • Various other data, confidential source code from Qualcomm.

This is the third data breach Samsung has suffered in two years. The previous one occurred in late July 2023 and was discovered on August 4; hackers accessed and stole Samsung customers’ names, contacts and demographic information, dates of birth, and product registration data.

In March 2023, the data extortion group Lapsus$ breached Samsung’s network and stole confidential information, including source code for Galaxy smartphones.

Samsung confirmed that “certain internal data” had fallen into the hands of an unauthorized party after Lapsus$ leaked about 190GB of archived files along with a description of the contents.


Pierluigi Paganini

(SecurityAffairs – hacking, data breach)