A breach at Samsung Electronics exposed source code for its Galaxy smartphones as well as internal company data — but no personal information was stolen, according to multiple media reports on Monday (March 7).
“There was a security breach relating to certain internal company data. According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees,” Samsung said in a statement.
“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”
Read more: Synthetic Identity Fraud Costs Businesses Billions Each Year, Data Show
Samsung told Bloomberg that the company instituted security measures to fend off further attacks and customers’ personal data was not affected.
The LAPSUS$ hacking group — the same hackers that reportedly took responsibility for breaching proprietary information from Nvidia Corp.’s networks last week — claimed on Friday (March 4) it was leaking confidential data from Samsung, Bleeping Computer reported.
See also: Hackers Post Nvidia Personnel Data Online After February Breach
It was not known if LAPSUS$ contacted Samsung for a ransom, as with Nvidia.
Following the Feb. 23 Nvidia hack, it was discovered that hackers stole employee credentials and proprietary information and posted it online.
LAPSUS$ said the breach contained source code for every Trusted Applet installed in Samsung’s TrustZone environment used for sensitive operations, algorithms for all biometric unlock operations, bootloader source code for all recent Samsung devices, plus confidential source code from Qualcomm.
Also reportedly exposed by LAPSUS$ was source code for Samsung’s activation servers and full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services, Bleeping Computer reported.
You may also enjoy: The Perils Of “One-Size-Fits-All” Authentication
Samsung’s breached data was divided into three compressed files totaling close to 190GB and made available in a Telegram torrent shared with more than 400 peers. LAPSUS$ also said that it would deploy more servers to increase the download speed.