It’s been a pretty big week for hackers. Both Plex and LastPass were hit by a data breach, and security researchers uncovered a phishing campaign with over 130 corporate targets. Now, Samsung is notifying customers of its own data breach, which exposed customers names, addresses, and other personal information.
This data breach only impacts U.S. customers. Samsung says that hackers did not access Social Security or payment information, and that the vulnerability leading to this breach is resolved. The company is working with law enforcement and cybersecurity firms to further investigate the issue.
Here’s Samsung’s current stance:
We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. The information affected for each relevant customer may vary.
So, it seems that hackers got their hands on identifyable personal information, such as names and birthdays. Samsung also mentions that “demographic information” was exposed—this likely refers to advertising or marketing data, which can include thousands of variables, including occupation, gender, income, race, or location.
Samsung also says that “product registration information” may have been exposed during this breach. We asked the company for clarification, and it told us that “customers may provide information including product purchase date, model, and device ID” when registering their products for software updates and limited warranties.
This story is developing, so we will continue to update this article with new information. Note that many customers were unaffected by this breach—if you don’t receive an email, you might be okay. Please read Samsung’s data breach announcement and FAQ if you own any of the company’s internet-connected products.