
Samsung Data Breach Occurred For 1 Year Without Being Noticed

Samsung UK recently disclosed a cyberattack that occurred between July 1, 2019, and June 30, 2020, leading to the exposure of customer data. The Samsung data breach, which involved personal details of customers who made purchases on Samsung’s eCommerce site during that period, was only discovered on November 13, 2023.

In their statement, Samsung elaborated, “On 13 November 2023, it was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019, and June 30, 2020, was affected.”

The Cyber Express team has contacted officials to obtain information regarding the Samsung data breach. However, as of now, there has been no response from the officials.

Samsung Data Breach

Samsung recently revealed a data breach where attackers exploited vulnerabilities in a third-party business application, gaining unauthorized access to sensitive customer data. The compromised information includes names, telephone numbers, email addresses, and mailing addresses.

The company’s official notification further stated, “Based on our investigation, the affected data may have included your name, phone number, address, and email address.”

Samsung has alerted affected consumers about the inadvertent disclosure of their personal information to an external entity. Taking immediate action on the Samsung data breach, officials are implementing enhanced safety measures to prevent such security lapses in the future.

Fortunately, the breach did not compromise sensitive financial details, and Samsung emphasizes that passwords and financial information remain unaffected. The Samsung data breach was limited to the United Kingdom, and Samsung is actively communicating the matter to the UK’s Information Commissioner’s Office (ICO) for further investigation and regulatory compliance.

“We want to assure you that the issue did not impact your password or financial information,” reassures Samsung in its efforts to address and rectify the situation.

Notification to Samsung Users

In a screenshot posted by Twitter user Michael Valentine, Samsung reportedly notified its customers of the security breach, stating, “We are emailing you to inform you that we recently discovered a cybersecurity incident that affected some of your personal information.”

Credit: Twitter user Michael Valentine

Data owners are generally held accountable for data breaches. However, rarely is one person solely responsible. Data breaches can be caused by many factors, including human error, malicious actors, outdated cybersecurity, and systematic or intentional failure.

Some surveys have found that employees are the greatest cause of data breaches. A 2022 report by Verizon indicated that 82 percent of data breaches were attributed to human error.

Organizations should also make data protection an individual responsibility, because doing so protects data privacy and security.

What Should Firms Do Once They Detect a Data Breach?

Upon detecting a data breach, data controllers must inform the ICO within 72 hours, especially if the breach implies a risk to the rights and freedoms of data subjects. In cases involving a third party, immediate notification to the controller is necessary, followed by informing the ICO and the victims.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
