Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.

The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Hacker exploits bug in third-party app

Samsung discovered the data breach two days ago, on November 13, and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used.

No details have been provided about the security issue leveraged in the attack or the vulnerable application that enabled the attacker to access Samsung customer's personal information.

The notification to customers says that exposed data may include names, phone numbers, postal and email addresses. The company underlines that credentials or financial information remains unaffected by the incident.

Samsung notifies customers of UK store of a data breach
Samsung alerts customers of a new data breach
source: Michael Valentine

A Samsung spokesperson told BleepingComputer that the company was recently alerted of a cybersecurity incident that is limited to the UK region and does not affect data belonging to customers in the U.S., employees, or retailers.

“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect U.S. customers, employees or retailer data” - Samsung

The company has taken all necessary steps to address the security issue, the representative told BleepingComputer, adding that the incident has also been reported to the UK’s Information Commissioner’s Office.

This is the third data breach Samsung has suffered in two years. The previous one occurred in late July, 2022 - discovered on August 4, when hackers accessed and stole Samsung customers' names, contacts and demographic information, dates of birth, and product registration data.

In March 2022, the data extortion group Lapsus$ breached Samsung’s network and stole confidential information, including source code for Galaxy smartphones.

Samsung confirmed that “certain internal data” had fallen into the hands of an unauthorized party after Lapsus$ leaked about 190GB of archived files along with a description of the contents.

Related Articles:

23andMe data breach under investigation in UK and Canada

Infosys McCamish says LockBit stole data of 6 million people

Ticketmaster sends notifications about recent massive data breach

Dairy giant Agropur says data breach exposed customer info

TeamViewer links corporate cyberattack to Russian state hackers