top of page

In The News: Samsung’s Data Breach

Updated: Jun 7

Table of Contents

  • What Happened?

  • What Has Samsung Said?

  • What Is Being Done?

  • Bottom Line


  • What is a data breach?

  • What are the consequences of a data breach to an organization?

  • How much does it cost to fix a data breach?

  • Do businesses have to report data breaches?

What Happened?

An unauthorized party obtained data from a few of Samsung's American systems in late July 2022. We discovered through our ongoing investigation that certain customers' personal information was compromised on or around August 4, 2022, the company wrote in a blog post.

The personal information of an unknown number of Samsung customers in the US was accessed by an unauthorized user in late July.

Despite the size of the attack, the tech giant has guaranteed that no Social Security or credit or debit card numbers were exposed. The information may have included name, contact, place, date of birth, and product registration.

On September 2 Samsung had sent a notification via email to several users in the US with the subject line: "An important notice regarding customer information", a GSMArena report revealed. Besides that, Samsung has also notified the data breach issue publicly in a notice, which compromised the personal details of its users such as name, contact details, demographic information, date of birth, and product registration information.

Samsung's headquarters
Samsung disclosed that it had experienced a data breach, exposing the private data of its clients.

What Has Samsung Said

Samsung has given an official statement. It has said, “We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information.”

“The information affected for each relevant customer may vary. We are notifying customers to make them aware of this matter.”

The incident's victims are also entitled to one free credit report each year from each of the three major US credit reporting agencies, according to Samsung. The business warned clients not to click on links in shady emails or open unsolicited messages.

What Is Being Done?

Along with working with law enforcement, the company said it had taken steps to stop the attack from getting worse. In order to look into the hack, Samsung is also communicating with an outside cybersecurity company.

The electronic major advised the affected customers to remain vigilant against "any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information" and to "avoid clicking on links or downloading attachments from suspicious emails." The electronic major did not suggest any immediate action for the affected customers, however.

Samsung is informing each and every affected customer. Although the American division of the electronics behemoth notified customers a month after becoming aware of the incident, the South Korean division of the company has already done so and is collaborating with a cybersecurity firm.

The company acknowledged in April 2022 that the Lapsus$ cybercrime gang had attacked it after publishing a 190GB data dump of information purportedly belonging to the company, including a wealth of sensitive and valuable technical information.

Bottom Line

If a tech giant such as Samsung with the ability to have all possible measures in place for data protection is hit by an attack, it is about time that all organizations check where they are standing. Data breaches are a serious threat and if the data of your customers are put at risk, you can lose the trust they put into your brand. Not only that, a data breach or any other cyberattack can cost your organization millions of dollars. You will also have to pay hefty penalties and get into legalities as many countries have their own Data Protection Acts and Privacy Acts which you fail to comply with.

What does all of this mean and what can be done? It is crucial that all organizations, big and small, understand the importance of cybersecurity. Especially in the digital world that we are a part of, it has become even more necessary to have proper cybersecurity measures in place.

At iBovi, we take a proactive approach to tackling all your security challenges and protecting your systems from data breaches, sophisticated cyberattacks, cybersecurity threats, and malicious groups.


Q. What is a data breach?

A data breach is a situation in which information is taken from a system without the owner's knowledge or consent.

Q. What are the consequences of a data breach to an organization?

Identity theft or a breach of industry or governmental compliance regulations may result from a data breach, and the offending organization may be subject to fines, legal action, reputational damage, or even lose its ability to conduct business.

Q. How much does it cost to fix a data breach?

The cost of a data breach on average is at an all-time high. From USD 4.24 million in 2021 to USD 4.35 million in 2022, the average cost of a data breach increased by 2.6%. The average price increased from USD 3.86 million in the 2020 report by 12.7% according to IBM.

Q. Do businesses have to report data breaches?

Yes. Both large and small businesses will be required by PIPEDA (for Canada) and other respective country data protection acts to report and notify security safeguard breaches that pose a genuine risk of significant harm, as well as to maintain records of all security safeguard breaches.

Follow iBovi Blog for the latest cybersecurity news, informative content, and lots more. Subscribe to our email list for getting content delivered straight to your inbox. Also, keep up with us on Twitter, Facebook, and Linkedin.


bottom of page