In an email received by this reporter on the evening of November 15, Samsung Electronics (U.K.) Limited confirmed that it had “recently discovered a cybersecurity incident” affecting personal customer information. Here’s what we know so far.
What Does The Samsung Hacking Disclosure Say?
According to the email, the hack was discovered on November 13. Although there is no indication as to the specific third-party business application involved, Samsung has firmly pointed the finger of blame in the direction of a vulnerability within that unnamed app. “It was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use,” the email states. Customers making purchases between July 1, 2019 and June 30, 2020 are said to be impacted.
Samsung goes on to say that personal information pertaining to some customers who had made purchases on the SEUK eCommerce site was affected. The compromised data includes, Samsung says, names, addresses, phone numbers, email and IP addresses. According to the Samsung disclosure email, the hacker didn’t access any financial data or passwords.
Third-Party Application Vulnerability At Fault, Samsung Says
Little else is known at this point about the third-party business application or the vulnerability concerned. However, Samsung says that the application’s operation was suspended upon discovery of the incident and a forensic review was launched. Additional technical measures, including patching the application vulnerability, have been taken.
Should All Samsung Users Be Concerned?
As already mentioned, the Samsung email refers to users of the U.K. eCommerce site, and there is no word on whether other servers have been impacted. You would also have needed to access that site and make a purchase between July 2019 and June 2020. Although Samsung says there is no immediate action required by users, it does recommend the following precautions:
- Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Read the U.K. National Cyber Security Centre’s guidance on how to spot suspicious messages and protect yourself following such a cyber incident.
A Samsung spokesperson supplied the following statement: “We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.” Concerned customers can contact Samsung support by email at email@example.com with any further questions.