What you need to know
- An "unauthorized third party" accessed Samsung's U.S. customer data in late July.
- Samsung discovered the hack on August 4 but didn't report it to affected customers until September 2.
- Customer's stored card data and SSNs weren't taken, but personal demographic and contact info was.
- Samsung encouraged affected users to check their credit report, though the hacker shouldn't have the ability to affect it.
Samsung has become the latest tech company to suffer a significant data breach, though thankfully for its U.S. customers, the scale of the breach isn't as severe as it could have been.
Samsung's Security Response Center page outlines the details of the breach: A hacker broke into Samsung's U.S. data servers and accessed its customers' information sometime in late July. Samsung discovered the breach in early August and took action to "secure the affected systems," hire a "leading outside cybersecurity firm," and contact law enforcement.
As for what data was taken, Samsung "want[s] to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information."
Contact information would most likely include emails and phone numbers, while registration info would cover whichever Samsung devices you've registered with a Samsung account.
Any Samsung customers "identified as affected by this issue" should have already received an email; if you didn't, you can breathe a sigh of relief. The company also assures that "consumer devices were not affected in connection with this incident," so in theory, the hacker wouldn't have access to location data or other sensitive information.
For anyone who did receive Samsung's warning email, they should "remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information." It's possible that the hacker could use the stolen personal info for phishing attempts against them.
Samsung also points its customers to the option to get a free annual credit report from Equifax, Experian, or TransUnion. For those who have already claimed this report, Samsung has not offered to pay for a second report.
It's fair to ask why Samsung took nearly a month to notify customers that their contact data was stolen. Hopefully, those affected weren't unknowingly taken advantage of before Samsung warned them of the problem.
We also don't know the scale of this breach. Despite most of the U.S.-based Android Central staff owning Samsung devices and accounts, only one of us has received an email, so it evidently hasn't affected every American Samsung customer. Note: Since publication, several AC writers have received the email, including myself, so keep an eye on your inbox!
