Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems.
In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was “recently alerted to a security incident” that “resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained.”
Samsung declined to answer further questions about the incident, such as how many customers were affected or how hackers accessed its internal systems.
In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.’s store between July 1, 2019 and June 30, 2020.
In the letter, which was shared on X (formerly Twitter), Samsung said it didn’t discover the compromise until more than three years later, on November 13, 2023.
Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses and email addresses. “No financial data, such as bank or credit card details or customer passwords, were impacted,” Samsung’s spokesperson told TechCrunch, adding that the company had reported the issue to the U.K.’s Information Commissioner’s Office (ICO).
ICO spokesperson Adele Burns confirmed to TechCrunch that the U.K. data protection regulator is aware of the incident and “will be making enquiries.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
This incident is the third data breach that Samsung has disclosed in the past two years.
In September 2022, the company confirmed in a brief notice that attackers had accessed some information from some of Samsung’s U.S. systems but declined to say how many customers were affected. Prior to this, in March 2022, Samsung confirmed that it had suffered a breach after Lapsus$ hackers claimed to have obtained and leaked almost 200 gigabytes of confidential data from the company’s systems, including source code for various technologies and algorithms for biometric unlock operations.
