Samsung has confirmed that hackers stole personal data of U.K.-based customers during a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, who represents the company via a third-party agency, said that Samsung was "recently alerted to a security incident" that resulted in "certain contact information of some Samsung U.K. e-store customers being unlawfully obtained".
It would not address any further queries about the breach, including how many customers were affected or how hackers gained access to its internal systems.
In a letter to affected customers, Samsung said hackers exploited a vulnerability in an unnamed third-party business application to gain access to the personal information of customers who shopped at Samsung U.K.'s store between July 1, 2019 and June 30, 2020.
In the letter, which was posted to X (formerly Twitter), Samsung said it did not become aware of the compromise until more than three years later, when it discovered the breach on November 13, 2023.
Samsung has stated that hackers may have obtained its customers' names, phone numbers, postal addresses and email addresses. "No financial information, including bank or credit card information as well as customers' passwords, were involved," the Samsung spokesperson told TechCrunch, adding that "the company has reported the issue with the U.K.'s ICO."
According to TechCrunch, an ICO spokesperson, Adele Burns, confirmed that the U.K. data protection regulator was "aware of the incident" and "will be making enquiries."
This is the third publicly admitted data breach Samsung has suffered in two years.
Last September, the company confirmed in a brief notice that attackers had access to some information from particular U.S. systems operated by Samsung, but refused to comment on how many customers were affected. Earlier, in March 2022, Samsung announced that it had experienced a breach after hackers from the group known as Lapsus$ claimed to have gained access to, and leaked, nearly 200 gigabytes of confidential data from company systems, including source code for several technologies and the algorithm used for biometric unlock operations.
Analyzing Samsung's data breach announcement