Samsung latest in long line of data breaches
By Ken Showers, Managing Editor
Updated 3:40 PM CDT, Fri September 2, 2022
YARMOUTH, Maine – There’s bad news for Samsung customers this week as the electronics giant divulged the occurrence of a July 22 data breach.
In a corporate statement that Samsung released, the company discussed the recently discovered (August 4) data breach while assuring customers that some of its more vital data was still protected. “We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary.” Samsung wrote.
The company went on to assure customers that it has already taken action to secure affected systems and that their ongoing investigation is coordinating with law enforcement. As of yet no group has claimed responsibility for the breach, but it lands in the same time frame as many other breaches that occurred as part of a phishing campaign by hacker group 0ktapus. So far more than 130 companies have been affected by those breaches including recently Doordash and communications tools company Twilio.
Cybersecurity group, Group-IB, has been researching the actions and methods of 0ktapus and found that they used a simple but effective form of SMS phishing which they’ve in turn used to infiltrate a large amount of corporate infrastructure. “The initial objective of the attackers was clear: obtain Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations. With this information in hand, the attackers could gain unauthorized access to any enterprise resources the victims have access to,” Group-IB wrote in a blog on the subject. “This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organizations. Furthermore, once the attackers compromised an organization they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”
For its part Samsung has a frequently asked questions page for users and affected parties looking for answers, as well as information on how clients and customers can check their credit considering the breach here at their FAQ.
“Samsung remains committed to the security and privacy protection of its customers. By working with industry-leading experts, we will further enhance the security of our systems – and your personal information – and work to maintain the trust you have put into the Samsung brand for more than 40 years,” Samsung said. “We deeply regret any concern or inconvenience this incident may have caused to our valued customers.”
You can view the full statement at https://news.samsung.com/us/notice-us-customer-information-cybersecurity/.
0ktapus, 2FA, Cybersecurity, data breach, Group-IB, phishing, Samsung, Twilio
To comment on this post, please log in to your account or set up an account now.
Need the Latest Security News in the Industry?
Want to always have the latest security news in the industry right in your inbox? Click the button below to subscribe.
Four Ways Your Sales Process Defines Company Growth & Profitability
Award-Winning Medical Center Turns to Mountain Alarm to Upgrade Fire Safety
From Forty Hours to Forty Seconds: WeSuite Helps SAGE Integration Automate Bid Submissions and Win More Projects
This Blog's on Fire (And Other Stuff)
Samsung latest in long line of data breaches
ASIS International announces its 2022 Awards of Excellence recipients
Titan Security Group acquires Prudential Security
Sale of top AI chips to be halted with China per U.S. decree
Broadcom announces 3Q financials and quarterly dividends
Former Buffalo PO Salter announced as winner of ASIS Ralph Day Heroism Award
Portland city council votes to increase security spending amid rise in crime
Dragonfruit AI names Ray Cooke as VP of Business Development
Security 101 adds industry veteran Tim Whall as strategic advisor to the board
Authenticate.com launches Identity Verification Infrastructure as a service (IaaS) for online platforms
Sealing Technologies Inc. awarded cyber defense contract for U.S. Marine Corps
ReasonLabs launches free online security tool
Privacy Policy | Sitemap | Terms of Use | Web Accessibility Guidelines
© 2022 Security Systems News. All rights reserved. Web solutions provided by VGM Forbin
Privacy Policy | Sitemap | Terms of Use | Web Accessibility Guidelines
© 2022 Security Systems News. All rights reserved. Web solutions provided by VGM Forbin
* - Indicates required fields