Samsung Confirms Alarming Data Breach Of US Users, Retains Security Firm To Investigate
On September 2, 2022, Samsung reported that it had discovered a security breach of their U.S. systems. Unfortunately for some Samsung customers, this means that their personal information may have leaked out into the wild. The report states that the initial indication came in July, and by August it had established the full extent of the breach.
The public announcement from Samsung came almost a month after the initial internal investigation was complete. The company stated that the initial investigation from the July breach was finished by August 4th. Data such as names, contact information, demographic information, date of birth, and even product registration information has been compromised. As of now, however, the company is not reporting that any social security numbers, credit or debit card information, or login information was affected. Customers who Samsung believes to have been affected by the breach have been contacted via e-mail already.
When we reached out for comment the statement from Samsung was as follows.
"We are investigating an incident involving some of our U.S. systems. Upon discovery of this incident, we took action to secure the affected U.S. systems. We also engaged a leading outside cybersecurity firm and are coordinating with law enforcement. We remain committed to safeguarding the information of our customers and take these matters seriously."While the information involved in the breach is not directly tied to any logins or passwords, Samsung urges customers to keep a close eye on potential nefarious activity. The company provides information on contacting credit reporting agencies in the United States for those who wish to monitor their report. Regarding the type of information that was stolen, Samsung claims that it is commonly used in social engineering attacks.
Access to name and date of birth can go a very long way toward identity theft, especially when utilizing additional information on social media that might be publicly available. For example, generating a false social media account is a very common way social engineering attacks happen. Continued advisement from the FAQ related to the security breach recommends that customers remain cautious of any unsolicited communication that may ask for personal information. Do not click on any links or download anything from suspicious or untrusted sources and review account activity for unexpected actions.
Lastly, if you are concerned that your Samsung device might be affected, the FAQ reports that sensitive consumer device information was not accessed. Samsung has also stated that it has engaged with a third-party security firm and mitigation is already in place to prevent any similar issues in the future.