Samsung on Friday disclosed that it had recently detected a cybersecurity breach that resulted in the exposure of personal information of customers. The incident took place in late July, according to the South Korean firm, when an unauthorised third party compromised the company’s US systems. Samsung says that as part of an ongoing investigation, the company hired a cybersecurity firm and is coordinating with law enforcement. The company previously revealed that it had been affected by a data breach in March, where hackers managed to steal source code for Samsung smartphones.
On Friday, Samsung disclosed the security breach via its security response centre, revealing that the attackers may have gained access to personal information of customers, including name, contact and demographic information, date of birth, and product registration information.
According to Samsung, the data exposed in the breach did not include customers’ Social Security numbers or credit and debit card details. While the company is yet to specify the number of users and regions that were affected, the notice appears to suggest that US customer details were exposed in the incident.
“We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement,” Samsung said on its website, adding that it has notified customers of the incident.
Samsung says that it has reached out to customers that it has identified as being affected by the issue and will contact users it has not yet reached out to, if further notifications are required during its investigation.
According to the company, users should remain cautious of unsolicited communications asking for personal information, avoid clicking on links or downloading attachments from suspicious emails, and review their accounts for suspicious activity. The company says its consumer devices were not affected during the incident.
Back in March, Samsung revealed that it had suffered a cybersecurity breach, which resulted in the exposure of internal company data. The leaked data included source code for Samsung Galaxy smartphones, but Samsung had stated that the personal data of customers or its employees was not affected. The Lapsus$ hacking group had previously claimed responsibility for the breach, and the company stated at the time that it had taken measures to prevent breaches in the future.