“We recently became aware of a security incident that resulted in unauthorized access to certain contact information for some customers of the Samsung online store in the UK,” Samsung spokesperson Chelsea Simpson told TechCrunch , though the company declined to provide further details about the incident, such as how many customers were affected or how hackers were able to gain access to the company’s internal systems.

In a letter to affected customers, the company admitted that attackers exploited a vulnerability in a third-party business application and gained access to the personal information of customers who made purchases in the Samsung online store area in the UK between July 1, 2019 and June 30, 2020.

It was not until more than three years later, on November 13, 2023, that the South Korean company discovered a hacker attack on its system. The attack allowed hackers to access customer names, phone numbers, postal addresses and email addresses.

Samsung stressed that the attackers did not steal financial data, including bank card details and customer passwords, adding that the company had notified the UK Information Commissioner's Office (ICO) about the incident and the regulator would investigate.

This is the third time Samsung's systems have been hacked by cybercriminals in the past two years. In March 2022, the Lapsus$ hacker group stole about 200GB of data, including source code for various technological solutions, such as biometric unlocking algorithms. In September of the same year, hackers gained access to data from some of Samsung's US divisions, although the company also declined to disclose the number of affected customers.