South Korean smartphone and TV giant Samsung lost an undisclosed amount of data related to an undisclosed number of customers and remained silent for nearly a month.
So what happened? Who is affected? Are Samsung users safe?
What happened in the Samsung data breach?
The short answer is that Samsung doesn’t know how the data breach happened — or at least, it didn’t say in a September 2 press release, “In late July 2022, an unauthorized system”.
The statement continues:
“We want to assure our customers that this issue does not affect Social Security numbers or credit and debit card numbers, but in some cases may affect names, contact and demographic information, dates of birth and product registration information and other information. The affected information may vary for each relevant customer.”
Contact details may include home address, phone number and email. Other information collected during product registration includes gender, precise geolocation data, Samsung account profile ID, username, and more. Even just your email address can be valuable to criminals.
Samsung’s half-hearted assurance may reassure some customers that criminals didn’t use their credit card details to buy untraceable cryptocurrency. However, the amount of information the company admits may have been taken is staggering, and not something that can easily be dismissed as inconsequential.
With this level of detail, it should be relatively trivial for an attacker to construct an accurate spear-phishing attack, engineer SIM swaps, and obtain credit and loans in the victim’s name.
Perhaps that’s why Samsung took pains to point out in its release that, while it doesn’t offer victims free credit monitoring, “under US law, you’re entitled to a free credit report each year from the three major national credit reporting agencies.”
Samsung discovered the vulnerability on August 4, 2022, and released this limited information exactly 30 days later. Data breach disclosure legislation varies across the United States, but the general requirement is that such breaches be notified as soon as possible and without undue delay. The maximum allowable period for disclosure ranges from 30 days (Florida, Colorado) to 90 days (Connecticut). By delaying disclosure for so long, Samsung could be putting itself at risk.
Who was affected by the Samsung data breach?
As for who was affected, Samsung didn’t even give a rough figure. It could be every customer with a Samsung device, or it could be just a few. We don’t know yet. Samsung is trying to reassure affected users by saying:
“We value our customers’ trust and if we determine through our investigation that the incident requires further notice, we will contact you accordingly.”
Earlier this year, the hacker group Lapsus$ claimed to have stolen 190GB of sensitive data from Samsung. According to Android Police, this included all algorithms for biometric unlocking operations, source code for bootloaders for new Samsung products, and all source code behind the authorization and verification process for Samsung accounts.
What can you do about it?
OK, so what can you actually do about this breach? With this level of information being disclosed, you should use a credit monitoring service to keep a close eye on any new card or loan applications in your name. Better yet, freeze your credit until you’re sure you’re safe. It might also be a good idea to change your phone number.
If you are concerned and want assurance or further advice, please contact Samsung directly. You can also express your dissatisfaction so that if something like this happens again, they don’t treat your message in this seemingly careless way.