Samsung Data Breach: Hackers Obtained Customer Data

Yet again a major international corporation has been the victim of a date breach. While Samsung has disclosed hackers did obtain “Customer Data” early reports indicate (for now) the type of data obtained was not that major.

The company says that Social Security numbers, as well as credit and debit card numbers, were not accessed. However, the event “may have affected information such as name, contact and demographic information, date of birth and product registration information.” It hasn’t revealed how many people may have been affected. The company is notifying some customers directly via email.

Samsung says someone gained unauthorized access to its systems in late July. It determined in early August that the attacker had obtained customer data, but consumer devices weren’t affected. The company said it has taken steps to secure its systems and that it brought in a third-party cybersecurity firm. It’s also in communication with law enforcement.

While credit card and Social Security numbers (not sure why the would have consumers’ social security numbers) still it is concerning they have obtained customers’ names and date of birth. Plus ‘product registration information’ likely includes mailing address, phone numbers and email addresses. That is a good chunk of information that a scammer can use to put together a phishing email and try to get the customers’ social security numbers or payment information. There also a good possibility the hackers may sell this information to scammers.

For those who have registered/pre-ordered Samsung products (cell phones, laptops, tablets, TV’s, media players, etc.) be very weary of any email you may receive claiming to be from ‘Samsung’. While the company is going to be sending out notifications via email (they really should do so via postal mail as well) it is very likely scammers will be too. Things to watch out for:

  • From email address (not the display address) is NOT samsung.com . A return email address at gmail.com, yahoo.com, or other ‘free’ email providers. These are clearly fake.
  • The email landed in your spam/junk/bulk folder.
  • Read the email carefully, if you notice grammar errors, typos or random odd formatting (highlighting, bold, underline, etc.) that is a good sign the email is a phishing attempt.
  • Check to see if you can click and highlight the text in the email. The Fake ‘Amazon’ Email I got earlier this year, the entire email was an image. There was no text that could be clicked and highlighted.
  • If the email contains link make sure to hover over the link and see what their link is trying to take you. This is extremely important if the email is asking you to ‘login’ to your account of ‘change your password’.
  • Too Much (personal) Information. For a notification email they will likely have your first and last name. If they have your address, phone number and age/date or birth good chance it is a scam.

via engadget