Samsung UK Discloses Third Major Data Breach in Two Years

Unauthorized individual exploited third-party application vulnerability, exposing customer data from July 2019 to June 2020.

Samsung UK has disclosed a year-long data breach that exposed customer data, marking the third such incident for the company globally in the past two years.
The breach, discovered on November 13, 2023, exposed data of customers who made purchases between July 1, 2019 and June 30, 2020.
An unauthorized individual exploited a vulnerability in a third-party business application used by Samsung, leading to the exposure of names, phone numbers, physical and email addresses.
Samsung has faced legal action in the past due to its handling of customer data, with a class action lawsuit filed in September 2022 alleging the company unnecessarily collects and fails to protect personally identifiable information.
The UK's Information Commissioner’s Office (ICO) has been alerted to the incident and will be making enquiries.