After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information.
The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information. At the same time, Social Security or credit card numbers were not exposed in the security breach.
“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement.” reads a notice published by the company. “We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information.”
The company states that information exposed for each relevant customer may vary, however it is notifying impacted customers.
Samsung claims to have detected the incident and to have taken action to secure the impacted systems. The company has also hired a leading cybersecurity firm to investigate the incident and reported it to law enforcement.
The company states that customers have no immediate action to do to mitigate the potential impacts of the incident, anyway it recommends that its customers:
Threat actors had access to internal company data, including the source code of Galaxy models.
The gang announced the availability of the sample data on its Telegram channel and shared a Torrent file to download it. They also shared an image of the source code included in the stolen data.
Stolen data includes confidential Samsung source code, including:
(SecurityAffairs – hacking, Data breach)