Share this article

Samsung has acknowledged that during a year-long system breach, hackers gained access to the personal information of customers located in the United Kingdom.

Replying on behalf of the company through a third-party agency, Samsung spokeswoman Chelsea Simpson told TechCrunch that the company was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.”

Regarding the incident, Samsung refused to respond to inquiries about the number of customers impacted or the way hackers gained access to its internal systems.

Samsung acknowledged to the impacted customers in a letter that hackers had obtained personal data from customers who had made purchases at Samsung U.K.’s store between July 1, 2019, and June 30, 2020 by taking advantage of a flaw in an unidentified third-party business application.

Samsung claimed in the letter that it was not aware of the compromise until November 13, 2023, more than three years later, and that the letter was shared on X (formerly Twitter).

Customers impacted by this were notified by Samsung that their names, phone numbers, postal addresses, and email addresses might have been accessed by hackers. Samsung’s representative confirmed to TechCrunch that “no financial data, such as bank or credit card details or customer passwords, were impacted” and that the company had notified the Information Commissioner’s Office (ICO) of the United Kingdom of the problem.

A representative for the ICO, Adele Burns, told TechCrunch that the data protection regulator in the United Kingdom is aware of the incident and “will be making enquiries.”

In the last two years, Samsung has revealed three data breaches, the most recent of which is this one.

The company did not disclose the number of customers who were impacted when it acknowledged in a brief notice in September 2022 that hackers had gained access to certain data from some of Samsung’s American systems. Previously, in March 2022, Samsung declared that it had been compromised after hackers from Lapsus$ allegedly stole and released nearly 200 gigabytes of sensitive information from the business’s systems. This information included algorithms for biometric unlocking and source code for several different technologies.