what you should Know
- An “unauthorized third party” gained access to Samsung’s US customer data in late July.
- Samsung discovered the hack on August 4, but didn’t report it to affected customers until September 2.
- The customer’s stored card data and SSN were not taken, but personal demographic and contact information was taken.
- Samsung encouraged affected users to check their credit report, although the hacker should not have been able to affect it.
Samsung has become the latest tech company to suffer a major data breach, but luckily for US customers, the scale of the breach isn’t as serious as it could be.
The Samsung Security Answer Center page (opens in new tab) outlines the details of the breach: A hacker broke into Samsung’s US data servers and accessed customer information sometime in late July. Samsung discovered the breach in early August and took action to “protect affected systems,” hire a “leading external cybersecurity firm” and contact law enforcement.
As for what data was taken, Samsung “wanted[s] to assure our customers that the issue did not affect social security numbers or credit and debit card numbers, but in some cases may have affected information such as name, contact and demographic information, date of birth and registration information product.”
Contact information will most likely include emails and phone numbers, while registration information will cover the Samsung devices you’ve registered with a Samsung account.
All Samsung customers “identified as affected by this issue” should have already received an email; if you haven’t, you can breathe a sigh of relief. The company also assures that “user devices were not affected in connection with this incident,” so in theory a hacker would not have access to location data or other sensitive information.
For anyone who received the warning email from Samsung, they should “remain cautious of any unsolicited communications that ask for your personal information or direct you to a web page requesting personal information.” It is possible for the hacker to use the stolen personal information for phishing attempts against them.
Samsung also directs its customers to the option of obtaining a free annual credit report from Equifax, Experian or TransUnion. For those who have already requested this report, Samsung has not offered to pay for a second report.
It’s fair to ask why Samsung took almost a month to notify customers that their contact details had been stolen. Hopefully those affected didn’t unknowingly take advantage before Samsung alerted them to the issue.
We also do not know the extent of this breach. Although the majority of the US-based Android Central staff have Samsung devices and accounts, only one of us received the email, so obviously not every American Samsung customer was affected.