On Friday, Samsung sent a notification via email to its users in the US (I personally received a notice as well). The email arrived from Samsung USA with the subject line: “An important notice regarding customer information”.
In late July 2022, an unauthorized party acquired information from some of Samsung’s U.S. systems. On or around August 4, we determined through our ongoing investigation that personal information of certain customers was affected.
The breach happened sometime in July 2022, according to the email. Samsung has determined on August 4 (nearly a month later) that data was affected but waited this long to let customers know. Perhaps Samsung wanted to make sure it knew what kind of data was compromised before notifying users. Samsung continues by clarifying what kind of data could have been affected.
We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement. We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary.
The email refers customers to Samsung’s security response center landing page, which includes contact information for the major credit bureaus of the US. Although Social Security or credit card numbers were seemingly not affected, customers should continue to monitor their credit reports for any unusual activity.
This notice applies to US-based Samsung Account holders as the US systems were the ones that were unauthorizedly accessed.