An unspecified number of Samsung customers in the US had their personal information accessed by an unauthorized user in late July, the firm has revealed.
The Korean electronics giant said it discovered the incident on around August 4 this year. It has since secured the affected systems, engaged a third-party security firm and contacted law enforcement.
“We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information,” Samsung said in a statement.
“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter.”
The tech giant said those affected by the incident are entitled under US law to one free credit report annually from each of the three major nationwide credit reporting agencies.
The stolen data would certainly appear to be enough for fraudsters to craft follow-on phishing attacks. Samsung urged customers to be cautious of any unsolicited communications and avoid clicking on links or downloading attachments from any such messages.
It added that users should review their accounts for suspicious activity.
The news comes just months after Samsung was compromised by the infamous Lapsus$ extortion gang, which posted 190GB of its internal data online – although it is believed no customer information was taken at that time.
“According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees,” a Samsung statement noted at the time.
“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”