Samsung has said it has fallen victim to a cyber attack and that the personal data of UK customers was accessed, including names, phone numbers, addresses, and email addresses. If you have recently bought something from Samsung’s UK store then you should check your email inbox now in case you have a warning message from the company.
A report in Bleeping Computer that said some Brits had received emails warning them that a “cybersecurity incident” had potentially seen the leak of their personal data if they had bought anything from Samsung’s UK website between 1 July 2019 and 30 June 2020.
One of the emails was shared by a potentially affected customer via X, formerly Twitter:
Samsung said the hack was via “a third-party business application we use” and that an “unauthorised individual exploited a vulnerability” in it. A company spokesperson told Bleeping Computer that the hack was limited to UK customers only.
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect U.S. customers, employees or retailer data.”
A Samsung spokesperson told TechCrunch: “No financial data, such as bank or credit card details or customer passwords, were impacted.” If you are concerned, you can contact firstname.lastname@example.org who should be able to assist.
The company also issued the following advice:
- Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information
- Avoid clicking on links or downloading attachments from suspicious emails
- Read the U.K. National Cyber Security Centre’s guidance on how to spot suspicious messages and protect yourself following such a cyber incident
There have been recent calls for people to improve their online password strength, or to use new biometric identification tech such as passkeys. But with this Samsung data leak, it doesn’t matter how good or hard to guess your password is because the information was accessed from where it was being stored, not by malware or bad actors tricking you personally.
It is good that Samsung claims no credit card information was accessed, but criminals can still use identifying information such as name, address, email address and phone number to attempt to login to your online accounts – so it is still a good idea to strengthen your passwords if you currently use ones that are easy to guess.