Samsung Suffers Another Massive Data Breach: Should You Be Worried?

Korean smartphone and TV giant Samsung lost an unknown amount of data relating to an unknown number of customers, and remained silent about it for almost a month.

So what happened? Who was affected? And are Samsung users safe?

What happened during the Samsung data breach?

The short answer is that Samsung doesn’t know how the data breach happened, or at least it has not said so in its September 2 press release, which simply states that “As of late July 2022, an unauthorized third party has acquired information from some of Samsung’s U.S. systems”.

The statement continues:

“We want to assure our customers that the issue has not impacted social security numbers or credit and debit card numbers, but in some cases it may have affected information such as name, contact and demographic information, date of birth, and product registration information. The relevant information for each applicable customer may vary.”

Contact details likely include home address, phone number and email address. Additional information collected during product registration includes gender, precise geolocation data, Samsung account profile ID, username, etc. Even your email address can be valuable to criminals.

Samsung’s half-hearted assurance may console some customers that criminals aren’t using their credit card details to, say, buy untraceable cryptocurrency. However, the amount of information the company admits may have been taken is stunning, and not something so easy to pass off as immaterial.

With this level of detail, it should be relatively easy for attackers to construct precision phishing attacks, engineer SIM card swaps, and take out credit and loans in a victim’s name.

Perhaps that’s why Samsung’s release is careful to note that, while it doesn’t offer free credit monitoring to victims, “you are entitled under U.S. law to a free credit report per year from each of the three major national credit bureaus”.

Samsung discovered the flaw on August 4, 2022 and released this limited information 30 days later. Data breach disclosure laws vary across the United States, but they commonly require notification of such a breach to be made as quickly as possible and without unreasonable delay. The maximum time allowed for disclosure ranges from 30 days (Colorado, Florida) to 90 days (Connecticut). By delaying disclosure that long, Samsung could be putting itself at risk.

Who was affected by the Samsung data breach?

As for who was affected, Samsung does not give even approximate figures. It could be every customer who has ever owned a Samsung device, or it could be just a handful. We do not know yet. Samsung tried to reassure affected users by saying:

“We appreciate the trust of our customers and, if we determine through our investigation that the incident warrants further notification, we will contact you accordingly.”

Android Police reports that earlier this year the hacking group Lapsus$ claimed to have exfiltrated 190GB of sensitive data from Samsung, including algorithms for all biometric unlock operations, bootloader source code for new Samsung products, and all source code behind the Samsung account authorization and authentication process.

What can you do about it?

Alright, so what can you actually do about this breach? With this level of information revealed, you should hire a credit monitoring service to keep tabs on any new card or loan applications made in your name. Better yet, freeze your credit until you’re sure you’re safe. It’s probably a good idea to change your phone number, too.

And if you’re worried and want reassurance or further advice, contact Samsung directly. You can also voice your displeasure, so that if something like this happens again, they don’t handle your information in a seemingly careless manner.
