Samsung reveals second data breach this yearSecurity Affairs

Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July.

After the attack that hit the company at the end of July 2022, Samsung disclosed a data breach. The electronics giant discovered on August 4 that threat actors had gained access to its systems and exfiltrated the personal information of its customers.

Threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information. At the same time, social security or credit card numbers were not exposed in the security breach.

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s US systems. On or about August 4, 2022, we determined through our ongoing investigation that certain customers’ personal information was affected. We have taken steps to secure the affected systems, have engaged a leading external cybersecurity firm, and are coordinating with law enforcement. reads a notice published by the company. “We want to assure our customers that the issue has not impacted social security numbers or credit and debit card numbers, but in some cases it may have affected information such as name. , contact and demographic information, date of birth, and product registration information. ”

The Company states that the information exposed for each affected customer may vary, but it informs affected customers accordingly.

Samsung claims to have detected the incident and taken steps to secure the impacted systems. The company also hired a leading cybersecurity firm to investigate the incident and reported it to law enforcement.

The company states that customers do not need to take any immediate action to mitigate the potential impacts of the incident, regardless, it recommends that customers:

  • Be cautious of any unsolicited communication asking for your personal information or referring you to a webpage asking for personal information
  • Avoid clicking on links or downloading attachments from suspicious emails
  • Review their accounts for suspicious activity

In March 2020, Samsung disclosed another data breach after being hit by an attack by data extortion group Lapsus$.

Threat actors had access to internal company data, including source code for Galaxy models.

The Lapsus$ gang claimed to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190 GB of alleged Samsung data as evidence of the hack.

The gang announced the availability of the sample data on their Telegram channel and shared a Torrent file to download. They also shared an image of the source code included in the stolen data.

The stolen data includes Samsung’s confidential source code, including:

  • DEVICES/EQUIPMENT – Source code for each Trusted Applet (TA) installed on the TrustZone (TEE) of all Samsung devices with specific code for each type of TEE operating system (QSEE, TEEGris, etc.). THIS INCLUDES DRM MODULES AND KEYMASTER/GATEKEEPER!
  • Algorithms for all biometric unlocking operations, including source code that communicates directly with the sensor (down to the lowest level, we’re talking about individual RX/TX bitstreams here).
  • Bootloader source code for all recent Samsung devices including Knox data and passcode.
  • Various other data, Qualcomm confidential source code.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(Security cases hacking, data breach)

Share on

Comments are closed.