South Korean electronics manufacturer Samsung revealed a hacker accessed the personal data of an unspecified number of its U.S.-based customers, even after improving its cybersecurity systems following a previous breach earlier this year.
Samsung informed customers Friday about the latest breach, which occurred in late July and was discovered Aug. 4. The company said an unauthorized third party might have accessed customers’ names, contact and demographic information, dates of birth, and product registration information.
Samsung assured customers their credit and debit card information, as well as Social Security numbers, were not accessed. The company said it has taken action to secure the affected systems, engaged with a “leading outside cybersecurity firm,” and is working with law enforcement.
“Samsung remains committed to the security and privacy protection of its customers,” the company said. “… We deeply regret any concern or inconvenience this incident may have caused to our valued customers.”
In a series of FAQs, Samsung said customers do not need to take any action but should be careful not to click on links in unsolicited emails.
Samsung confirmed in March it fell prey to an attack by hacker group Lapsus$, in which internal company data, such as source code for Galaxy phones and Samsung’s data security measures, was published online.
Lapsus$, a group of teenaged hackers based in the United Kingdom, also breached other tech firms, including Microsoft; Nvidia; software developer Globant; customer service firm Sitel; and Okta, a user authentication and data management company, according to a report from Gizmodo.
Samsung told blogger website SamMobile the breach in March did not include the personal information of customers or employees and the company had “strengthened our security system” in response.
“We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption,” the company said at the time.