Samsung claims no consumer devices were affected by the breach, in which customers’ contact information, dates of birth and product registration details were leaked. Credit: AndreyPopov / Getty Images Samsung has opened up about a data breach it detected on or around August 4, affecting the personal information of some of its customers.“In late July 2022, an unauthorized third party acquired information from some of Samsung’s US systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” Samsung said in a statement. The company said that the issue did not impact social security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. Affected customers could be impacted at varied levels, the company said. However, Samsung did not reveal how many customers were affected by the incident. Samsung says it has taken action to secure the affected systems and has engaged a leading outside cybersecurity firm and is coordinating with law enforcement. Samsung is directly communicating with some of the affected customers and may contact more as its investigation progresses, it said.“Consumer devices were not affected in connection with this incident, and you can continue to use our products and services, as usual,” the company stated. Second security incident this yearIn March, Samsung suffered another security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. The company then said that the breach involved some source code relating to the operation of Galaxy devices but did not include the personal information of consumers or employees. The incident had come to light after LAPSUS$ hacking group dumped 190GB of Samsung data on its Telegram channel, allegedly exposing the source code for trusted applets installed within the TrustZone privileged environment, algorithms for biometric authentication, bootloaders for recent devices, source code for Samsung’s activation servers, full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services, and even confidential data from its chip supplier Qualcomm.Instance of data breaches rising in 2022 About 550 organizations globally had experienced data breaches between March 2021 and March 2022, according to a report by Ponemon Institute and IBM. The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime. Even large security firms haven’t been spared from data breaches. For instance, last month, Cisco admitted it faced a security incident targeting its corporate IT infrastructure in late May. An employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized, Cisco said in a statement. The attack was linked to the LAPSUS$ group. Similarly, cybersecurity company Group-IB published a report on August 25, revealing a month-long phishing campaign that had compromised at least 130 companies, including Cloudflare, Doordash, Mailchimp, and Twilio.The attackers executed their attack by imitating the authentication service Okta through text message, that would direct their targets to a fake authentication page, when the victims would enter their login credentials, it gave the attackers access to their account. Related content news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could be exploited to allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence payroll linked to government contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government news analysis Massive security hole in VPNs shows their shortcomings as a defensive measure Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. By Evan Schuman May 08, 2024 8 mins Threat and Vulnerability Management Data and Information Security Network Security news DocGo says hackers stole patient data in a recent cyberattack The attack compromised some healthcare data with no material or financial losses, the company said. By Shweta Sharma May 08, 2024 3 mins Data Breach Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe