What you need to know
- Samsung is being sued for failing to notify affected customers of a July data breach.
- The incident was discovered in August, but it took Samsung a month to inform customers about the incident.
- Some 3,000 consumers were impacted by the breach.
Cyberattacks can typically go undetected for weeks or months, and companies involved would be wise to make public these incidents, lest they face legal ramifications, as Samsung is about to.
According to Bloomberg (opens in new tab), a complaint has been filed against Samsung over a recent data breach that occurred in July. An unauthorized third party managed to access and steal customer information from the company’s U.S. systems, including names, birthdays, contact information, and product registration information.
Samsung said it had discovered the hack on August 4, although it did not inform affected consumers until a month later.
The complaint, which was filed at the U.S. District Court for Nevada, alleges that Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner. Over 3,000 customers were affected by the breach, including the plaintiff, Shelby Harmer.
Earlier this month, Samsung began sending emails to customers whose personal information was stolen, according to the company. Samsung said it hired a “leading outside cybersecurity firm” to launch an investigation, which is still underway. Samsung has also contacted law enforcement.
While the company is working to address the incident, it may have done so a bit too late, and it could end up facing a class action suit for failing to take action in due time.
This was not the first time the South Korean tech giant fell prey to a cyberattack. Last March, a hacking group leaked a massive data trove from Samsung, which included confidential Samsung source code.