
Cyber Incident Victim: Samsung Electronics

Date: Jul 2022

Location: United States of America

Summary

A major electronics company experienced a data breach following unauthorized access to its U.S. systems in late July, with customer information exfiltrated by attackers. The compromised data included names, contact details, demographic information, birth dates, and product registration records, though sensitive financial identifiers were not accessed. The organization detected the incident, secured affected systems, engaged external cybersecurity experts, and notified impacted customers while coordinating with law enforcement. This marked the second security incident disclosed by the company that year, following an earlier breach involving theft of proprietary source code related to mobile devices by a known extortion group.


Description

In late July 2022, Samsung experienced a cybersecurity incident involving unauthorized access to its U.S. systems, as disclosed by the company on September 2, 2022. The breach was detected on August 4, when Samsung confirmed that attackers had exfiltrated customer personal information from its network. The compromised data included customer names, contact details, demographic information, dates of birth, and product registration records, though Social Security numbers and credit card information were not accessed. Samsung initiated containment measures by securing the affected systems, engaging an external cybersecurity firm for forensic analysis, and coordinating with law enforcement agencies. The company stated that the scope of impacted information varied by customer and began notifying affected individuals directly. This marked Samsung’s second confirmed breach within the year, following a March 2022 incident involving the Lapsus$ extortion group.


The March 2022 breach had resulted in the theft of 190GB of confidential data, including source code related to Galaxy devices, which Lapsus$ subsequently leaked online. In contrast, the July breach focused on customer information rather than proprietary technical data. Samsung did not disclose technical details regarding the attack vectors, duration of unauthorized access, or the number of affected customers when contacted by media. The company advised impacted individuals to exercise caution against unsolicited communications requesting personal information, avoid clicking links or downloading attachments from suspicious emails, and monitor their accounts for unusual activity. No further updates regarding investigation outcomes or additional mitigation steps were provided in the disclosed information.
