Samsung has admitted personal contact information of some of its UK customers has been “unlawfully obtained” in a data breach. The firm said no financial data, bank card details or customer passwords were impacted.
However in an email sent to affected customers the company said the impacted data may include their name, phone number, address and email address. The breach has affected some customers who had made purchases from Samsung UK’s online store, but the number of users involved had not been disclosed.
In its message to affected customers, Samsung said it had seen an unauthorised individual exploit a vulnerability in a third-party business application the company use.
As a result the information of certain customers who had made purchases on Samsung’s ecommerce site between July 1 2019 and June 30 2020 were exploited.
A spokesman for the company said:
“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted.
“We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.”
In response to the incident, a spokesperson for the Information Commissioner’s Office (ICO) said:
“Samsung has made us aware of an incident and we will be making inquiries.”