Pierluigi Paganini September 02, 2022

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July.

After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information.

The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information. At the same time, Social Security or credit card numbers were not exposed in the security breach.

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement.” reads a notice published by the company. “We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information.”

The company states that information exposed for each relevant customer may vary, however it is notifying impacted customers.

Samsung claims to have detected the incident and to have taken action to secure the impacted systems. The company has also hired a leading cybersecurity firm to investigate the incident and reported it to law enforcement.

The company states that customers have no immediate action to do to mitigate the potential impacts of the incident, anyway it recommends that its customers:

• Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information
• Avoid clicking on links or downloading attachments from suspicious emails
• Review their accounts for suspicious activity 

In March 2020, Samsung disclosed another data breach after it was hit by an attack conducted by the data extortion group Lapsus$.

Threat actors had access to internal company data, including the source code of Galaxy models.

The Lapsus$ gang claimed to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged Samsung data as proof of the hack.

The gang announced the availability of the sample data on its Telegram channel and shared a Torrent file to download it. They also shared an image of the source code included in the stolen data.

Stolen data includes confidential Samsung source code, including:

• DEVICES/HARDWARE -Source code for every Trusted Applet (TA) installed on all samsung device’s TrustZone (TEE) with specific code for every type of TEE OS (QSEE, TEEGris etc). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
• Algorithms for all biometric unlock operations, including source code that communicates directly with sensor (down to the lowest level, we’re talking individual RX/TX bitstreams here).
• Bootloader source code for all recent Samsung devices, including Knox data and code for authentication.
• Various other data, confidential source code from Qualcomm.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]