Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.”
Samsung declined to answer further questions about the incident, such as how many customers were affected or how hackers accessed its internal systems.
In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.’s store between July 1, 2019 and June 30, 2020.
In the letter, which was shared on X (formerly Twitter), Samsung said it didn’t discover the compromise until more than three years later, on November 13, 2023.
Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses and email addresses. “No financial data, such as bank or credit card details or customer passwords, were impacted,” Samsung’s spokesperson told TechCrunch, adding that the company had reported the issue to the U.K.’s Information Commissioner’s Office (ICO).
ICO spokesperson Adele Burns confirmed to TechCrunch that the U.K. data protection regulator is aware of the incident and “will be making enquiries.”
This incident is the third data breach that Samsung has disclosed in the past two years.
In September 2022, the company confirmed in a brief notice that attackers had accessed some information from some of Samsung’s U.S. systems but declined to say how many customers were affected. Prior to this, in March 2022, Samsung confirmed that it had suffered a breach after Lapsus$ hackers claimed to have obtained and leaked almost 200 gigabytes of confidential data from the company’s systems, including source code for various technologies and algorithms for biometric unlock operations.