SAMSUNG CYBERSECURITY BREACH: What Really Happened?

Cybersecurity aims to protect sensitive data and financial assets against simple and annoying computer viruses, sophisticated and costly ransomware attacks, and everything in between. In the case of Samsung, it was a costly ransomware attack. The cybersecurity breach Samsung Co. suffered occurred in late July 2022, although the company only opened up about it weeks later.

Below is the cybersecurity breach notification email from Samsung:

At Samsung, security is a top priority. We are reaching out to inform you that Samsung recently discovered a cybersecurity breach that affected some of your information.
In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 2022, we determined through our ongoing investigation that the personal information of certain customers was affected.
We have taken actions to secure the affected systems, have engaged a leading outside cybersecurity firm, and are coordinating with law enforcement. We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary.

Samsung Cybersecurity Second Data Breach

In September 2022, Samsung made an announcement stating that a data breach may have resulted in the theft or exposure of personal information belonging to some users of smart devices. The company stated that none of its customers’ financial information, social security numbers, or credit card numbers were compromised in any way.

Although Samsung did not specify the number of people who may have been affected or the kind of devices that may have been compromised, the company’s client base is estimated to number in the hundreds of millions. Even a relatively minor data breach may have resulted in the exposure of hundreds of thousands or even millions of accounts.

What Really Happened in the Samsung Cybersecurity Breach?

“We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary.”

From the statement above, it didn’t sound like Samsung knew how the data breach occurred—or, perhaps, they intentionally left it out in the press release issued on September 2nd, which simply notes, “In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems.”

Contact information will most likely include a home address, phone number, and email address. Gender, accurate geolocation data, Samsung Account profile ID, username, and other information are also collected during product registration. Criminals may be interested in your email address alone.

Samsung’s half-hearted promise may reassure some customers that criminals aren’t utilizing their credit card information to buy untraceable bitcoin, for example. However, the amount of information that the company admits was obtained is startling, and it is not something that can be dismissed as insignificant.

The Lawsuit Against Samsung on their Cybersecurity Breach

Two Samsung users, represented by Clarkson Law Firm, filed a class action lawsuit against the electronics manufacturer for the two data breaches that occurred in 2022.

According to the 43-page complaint filed with the Federal District Court for the Northern District of California, Samsung unnecessarily acquired user data and then retained and sold it without sufficient security safeguards, resulting in two consecutive data breaches.

The lawsuit further claims that Samsung purposefully blocked certain functionalities and capabilities of its electronic devices, such as televisions and printers, and required customers to enter personally identifiable information such as home addresses and dates of birth.

Additionally, the complaint claims that the electronics behemoth subsequently retained, monitored, and sold the obtained data without properly safeguarding it while telling consumers that “security and privacy are at the heart of what we do and think about every day.”

Despite claiming that users’ security and privacy were secured by ‘holistic’ and ‘industry-leading security,’ the company employed inadequate security measures, resulting in the compromise of consumers’ personal information.

In early 2022, Samsung was victimized by the Lapsus$ cybergang, who boasted of stealing 190 GB of data from the electronics behemoth. The stolen material includes Galaxy device source code as well as over 6,000 secret keys such as private keys, login credentials, and AWS, GitHub, and Google keys.

The lawsuit says that Samsung’s assurances that only “source code related to the operation of Galaxy devices” was leaked during the incident “completely minimized the impact of this first data breach.”

In July 2022, Samsung was the victim of a hack that compromised the personal information of US customers. According to the lawsuit, that occurrence may have been avoided.

Potential Consequences of a Samsung Cybersecurity Breach

Victims of data breaches frequently spend a significant amount of time and money attempting to reduce or mitigate the harm. This could include investigating, monitoring, and notifying account holders, as well as acquiring credit monitoring or other services. In the worst-case scenario, individuals must go through time-consuming and complicated procedures to recover from identity theft, rebuild credit, and mitigate financial effects.

Due to the possibility that the data acquired in the Samsung hack contained third-party information, users may see a surge in spam emails, text messages, and phone calls. These attempted contacts could be phishing efforts to deceive users into disclosing more information, raising the possibility of monetary or identity theft.

Those who were victims of fraud as a result of the Samsung cybersecurity breach may be eligible for compensation. Samsung further advises that device users should:

  • Be cautious of unauthorized messages that request personal information or direct you to a website that requests personal information.
  • Resist clicking on links or downloading attachments from questionable emails.
  • Examine your accounts for any unusual activity.

What is the permissible timeframe to disclose a data breach?

Data breach disclosure regulations differ across the United States; however, it is a general requirement that such a breach be reported as soon as possible and without unreasonable delay. The maximum permissible timeframe for disclosure ranges from 30 days in Colorado and Florida to 90 days in Connecticut. Meanwhile, on August 4th, 2022, Samsung discovered the vulnerability and provided this limited information 30 days later. Samsung may be placing itself in peril by postponing the disclosure for so long.

Are Samsung phones being compromised?

Samsung, Vivo, and Pixel devices are particularly vulnerable. The following Samsung phones are at risk: the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series.

How often has Samsung been hacked?

As of 2023, Samsung is the world’s second most popular smartphone maker, with a market share of 24.22%. Nonetheless, despite its high profile, Samsung has been the target of two cyberattacks in recent years.

How was Samsung’s security breached?

In early 2022, Samsung was victimized by the Lapsus$ cybergang, which boasted of stealing 190 GB of data from the electronics behemoth. The stolen material includes Galaxy device source code as well as over 6,000 secret keys such as private keys, login credentials, and AWS, GitHub, and Google keys.

Has Apple been hacked?

As of the time of this writing, no Apple ID has ever been “hacked”. However, scammers can take over your account in a variety of ways, for example if your smartphone was stolen or misplaced, or if someone with access to your password used it without your knowledge.

What exactly is Samsung accused of?

Asus Technologies Licensing Inc. accused Samsung Electronics Co. and two US companies of using standard-essential 4G and 5G telecommunications technologies produced by ASUSTeK Computer Inc. in a wide range of mobile wireless devices without paying to license the patents.

Who is bringing the lawsuit against Samsung?

Netlist has accused Samsung of violating memory-related patents in Texas, Delaware, and Germany. In April, an East Texas jury awarded Netlist more than $303 million in damages after concluding that Samsung’s memory modules for high-performance computing infringed on several Netlist data processing patents.

Was Google ever hacked?

In 2009, a group of Chinese government hackers breached the systems of Google and several major American corporations, including Yahoo and Dow Chemical.

Summary

This is the second data breach disclosed by Samsung since the beginning of 2022, with the electronics company stating in March that the data extortion gang Lapsus$ infiltrated its network and stole proprietary material, including the source code for Galaxy smartphones.

The hackers released 190GB of archives containing what they said were papers taken from Samsung’s systems at the time.
