Samsung has confirmed that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems.
Samsung Confirms Major Data Breach
The company spokesperson Chelsea Simpson said Samsung was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.”
As per the document, Samsung said that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.’s store between July 1, 2019 and June 30, 2020.
In the letter, which was shared on X (formerly Twitter), Samsung said it didn’t discover the compromise until more than three years later, on November 13, 2023.
Hackers got names, phone numbers, postal addresses and email addresses. “No financial data, such as bank or credit card details or customer passwords, were impacted,” Samsung’s spokesperson told TechCrunch, adding that the company had reported the issue to the U.K.’s Information Commissioner’s Office (ICO).