South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach.
“In late July 2022, an unauthorized third-party acquired information from some of Samsung’s U.S. systems,” the company disclosed in a notice. “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
Samsung said the infiltration enabled hackers to access certain data such as names, contact and demographic information, dates of birth, and product registration details.
It stressed that the incident did not affect users’ Social Security numbers or credit and debit card numbers, but noted the information leaked for each relevant customer may vary.
The collected information is necessary to help the company deliver the best experience with its products and services, it added. It’s unclear how many customers were affected or who was behind the hack, and why it took almost a month for the company to divulge the breach.
Aside from notifying users about the security event, Samsung stated it has taken steps to secure the impacted systems and engaged an outside cybersecurity firm to lead the response efforts.
Furthermore, it’s urging users to be on guard against potential social engineering attempts, avoid clicking on links or opening attachments from unknown senders, and review their accounts for potentially suspicious activity.
The announcement comes less than six months after Samsung confirmed a similar incident. In March 2022, it revealed that internal data, including the source code related to its Galaxy smartphones, was leaked in the aftermath of an attack staged by the LAPSUS$ extortion gang.