Connect with us

Hi, what are you looking for?

Tech & Science

Samsung admits to 2020 data breach

Samsung issues warning to customers following data breach.

Samsung is one of the world's largest chip makers, and has large semiconductor factories in China
Samsung is one of the world's largest chip makers, and has large semiconductor factories in China - Copyright AFP/File Jung Yeon-je
Samsung is one of the world's largest chip makers, and has large semiconductor factories in China - Copyright AFP/File Jung Yeon-je

News has surfaced that Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorised individual.

In relation to this, the technology company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Samsung discovered the data breach this week and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used.

A warning note to affected users tells them: “Based on our investigation, we have identified that the affected data may have included your name, phone number, address and email address. We want to assure you that the issue did not impact your password or financial information” (quoted by The Daily Mirror).

In investigating the ramifications, Javvad Malik, lead security awareness advocate at KnowBe4, has explained to Digital Journal why this data breach is potentially impactful for thousands of customers.

Malik places this latest incident in context alongside other similar incidences: “Data breaches can have significant consequences, particularly with large organisations which hold hundreds of thousands of individual records.”

With the specific incident, Malik thinks that Samsung have behaved appropriately: “It’s good that Samsung has responded and notified customers in a timely manner.” Whether notifying customers in 2023 of a problem in 2020 is timely is debatable, however.

In addition, it is both unclear precisely how the threat actor got their hands on the data, and whether the vulnerability remains unpatched to this day.

Malik does raise the matter of weaknesses within a major corporation thar have allowed such an event to happen: “Although it’s concerning that a vulnerability in a third-party application was exploited, it’s a reminder for organisations to thoroughly assess and secure their entire digital supply chain.”

He is of the view that the incident should sound warning bells to customers as well as to other businesses, in noting: “Additionally, customers should remain vigilant against potential phishing attempts or scams that may arise as a result of this breach. While the focus is on the fact that no financial information was compromised, often times personal information can be more valuable to criminals as they can use the information repeatedly to attack individuals.”

Turning this into a recommendation, Malik raises: “Which is why continued user awareness training is key, because as long as breaches continue to occur, individuals will remain the primary target of attack.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

Let’s just hope sanity finally gets a word in edgewise.

Social Media

The US House of Representatives will again vote Saturday on a bill that would force TikTok to divest from Chinese parent company ByteDance.

Business

Two sons of the world's richest man Bernard Arnault on Thursday joined the board of LVMH after a shareholder vote.

Entertainment

Taylor Swift is primed to release her highly anticipated record "The Tortured Poets Department" on Friday.