Samsung last week announced that a large number of its customers have had their data compromised after it was exposed to an unauthorised third party.
This was a significant breach that has affected some people who made purchases from Samsung’s UK online store, but the number of customers has not been disclosed by the company.
The hacker is believed to have exploited a vulnerability in a third-party app used by Samsung. In their announcement to customers, the company has confirmed that it has “taken the necessary steps to resolve this issue,” which includes fixing the vulnerability.
Sensitive customer data exposed by threat actors
Samsung notified its affected customers via email, stating that the breach occurred on 13th November 2023. It determined that an unauthorised party exploited a vulnerability in a third-party business application that the company uses. As a result of this incident, personal information of certain customers who made purchases on SEUK’s eCommerce website between June 2019 and June 2020 has been affected.
The correspondence to customers also states that the exposed data includes personal information such as names, phone numbers and postal and email addresses. Samsung has also highlighted that financial information is unaffected.
According to TechCrunch, this is the third data breach that Samsung has disclosed in the past two years.
Unfortunately, these types of high-profile breaches are not uncommon; in fact, they are inevitable. Another recent example of a large company whose customer data was compromised is Marina Bay Sands, which revealed earlier in November 2023 that a security incident had exposed the personal data of 665,000 customers.
Continued breaches of this scale act as a reminder for enterprises that they must adopt active and continuous cybersecurity strategies to better mitigate risk. Threat detection is fast becoming crucial for business operations, particularly as early warning system tools and efficient response methods have already been proven successful.
Offering insight into the incident, Head of Product Development, Innovation and Strategy at Integrity 360, Brian Martin says: “There are two things that jump out from the Samsung breach. Firstly, the supply chain is increasingly a massive attack surface for organisations and is a type of exposure that needs to be actively managed with the same enthusiasm and energy as managing vulnerabilities.
“The second big takeaway is the enormous dwell time before discovery, which highlights the need for threat detection and response that doesn't just rely on alerts from EDR/XDR platforms. To detect the stealthy activities of malicious actors within your environment, wider range detection and response capabilities, up to and including proactive human-led threat hunting, is key.”
He continues: “A good starting point for organisations is to conduct an in-depth compromise assessment to uncover the tracks of a compromise that may already be in your environment without you knowing. If you get a clean bill of health then you can go on to review what's in place in terms of exposure management and threat detection to then raise it to best-practice levels proven to significantly reduce the risk of compromise.”