Samsung has notified its customers in the UK that a data breach has exposed the PII of thousands of individuals. The breach impacted customers who made purchases on the company’s UK online store between July 1, 2019, and June 30, 2020.
The breach was discovered on November 13, 2023, and determined that an unauthorized individual exploited a vulnerability in a third-party business application to access customer data. Samsung has not disclosed the identity of the hacker.
The affected personal information may include names, addresses, phone numbers, and email addresses. Samsung has assured its customers that financial information and passwords were not accessed in this breach.
Customers from UK base were affected by the data breach. Users in the United States, Canada, South Korea, and elsewhere have no cause for concern.
Samsung has reported the incident to authorities, including the UK’s Information Commissioner’s Office, responsible for enforcing the UK General Data Protection Regulation.
This data breach is separate from the one that Samsung announced in September 2022, impacting only the company’s US customers. The incident resulted in the breach of private user data, including names, dates of birth, product registration data, demographic information, and contact numbers.
Samsung has a history of being targeted by hackers due to its large-scale customer base, with over 992.4 million active Samsung smartphone owners in 2020. Previously, the South Korean technology giant was hacked by Lapsus$ hackers, who leaked the company’s source code online in March 2022.