In an email received by this reporter on the evening of 15 November, Samsung Electronics (U.K.) Limited confirmed that it had “recently discovered a cybersecurity incident” affecting personal customer information. Here’s what we know so far.
What Does The Samsung Hacking Disclosure Say?
According to the email that hit my inbox on the evening of 15 November, the hack was discovered on 13 November. Although there is no indication as to the specific third-party business application involved, Samsung has firmly pointed the finger of blame in the direction of a vulnerability within that app. “It was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use,” the email states. Customers making purchases between 1 July 2019 and 30 June 2020 are said to be impacted. Samsung goes on to say that some personal information pertaining to some customers who had made purchases on the SEUK eCommerce site was affected. The compromised data includes, Samsung says, names, addresses, phone numbers, email and IP addresses. According to the Samsung disclosure email, the hacker didn’t access any financial data or passwords.
Third-Party Application Vulnerability At Fault, Samsung Says
Precious little else is known at this point, at least about the third-party business application or the vulnerability concerned. However, Samsung says that the application’s operation was suspended upon incident discovery, and a forensic review was launched. Additional technical measures, including patching the application vulnerability, have been taken.
Should All Samsung Users Be Concerned?
As already mentioned, the Samsung email refers to users of the U.K. eCommerce site, and there is no word on whether other servers have been impacted. You would also need to have accessed that site and made a purchase between July 2019 and June 2020. Although Samsung says there is no immediate action required by users, it does recommend the following precautions:
- Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
- Read the U.K. National Cyber Security Centre’s guidance on how to spot suspicious messages and protect yourself following such a cyber incident.
I have reached out to Samsung for a statement, but in the meantime, concerned customers can contact Samsung support by email at firstname.lastname@example.org with any further questions.