Samsung confirms data breach - here's what you need to know

Samsung says that extremely sensitive customer data such as payment information remains safe.

Samsung data breach

The hacker is believed to have exploited a vulnerability in a third-party app used by Samsung (via Bleeping Computer). The company has since confirmed that it has "taken the necessary steps to resolve this issue" including issuing a fix for the vulnerability.

An email to customers reads: “On 13 November 2023, it was determined that an unauthorised individual exploited a vulnerability in a third-party business application we use, and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019, and June 30, 2020, was affected.”

The email adds disclose that Samsung believes customer names, phone numbers, addresses, and email addresses could all have been exposed.

A company spokesperson confirmed to TechRadar Pro that the incident is limited to the UK, which means US customers, employees, and retailers have not been affected:

"We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained.  No financial data, such as bank or credit card details, or customer passwords, were impacted."

Samsung also told us that it reported the data breach to the UK’s Information Commissioner’s Office and has communicated with affected customers, but did not go into much further detail about what how incident happened.

The period saw some of Samsung’s most notable phones on sale, including the Galaxy S10, Galaxy S20, Galaxy Fold, and Galaxy Z Flip, which means those buying these models directly from Samsung UK could be affected.

More from TechRadar Pro

• Worried you might have been caught up in the breach? Check out the best identity theft protection
• Use the best firewalls and the best endpoint protection for a handy cybersecurity boost
• Mr Cooper says user data was exposed in data breach