Samsung says customer data stolen in July data breach

Electronics giant Samsung has confirmed a data breach affecting customers’ personal information.

In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4.

Samsung said Social Security numbers and credit card numbers were not affected, but some customer information — name, contact and demographic information, date of birth, and product registration information — was taken.

“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter,” said the statement.

Samsung spokesperson Chris Langlois told TechCrunch by email via crisis communications firm Edelman that demographic data relates to customer information used for marketing and advertising, but didn’t specify what types of data this includes. Langlois added that registration data, provided by customers in order to access support and warranty information, includes product purchase date, model, and device ID.

Langlois declined to say how many customers were affected or why it took Samsung more than a month to notify customers about the breach, which was announced just hours ahead of a U.S. holiday weekend marking Labor Day.

“Even though the investigation is ongoing, we wanted to notify our customers to make them aware of this matter because we understand how important their privacy is,” Langlois said.

The company noted that it has taken steps to secure its systems and has brought in an unnamed third-party cybersecurity firm. Samsung said it was coordinating with law enforcement.

This is the second time Samsung has confirmed a data breach this year. In March, the company admitted that the Lapsus$ hacking group — the same group that infiltrated Nvidia, Microsoft and T-Mobile — obtained and leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.