Samsung is warning customers about a cybersecurity incident in July, where “an unauthorized third party acquired information from some of Samsung’s U.S. systems,” including things like names, birthdays, contact info, and product registration information. The company says it discovered the breach on August 4th, and is currently investigating it with “a leading outside cybersecurity firm.”
According to the company’s FAQ about the incident, it’s sending emails to customers who were specifically affected, and it will continue doing so as its investigation progresses. Samsung says that not everybody will have had the same info leaked. The company didn’t immediately reply to The Verge’s request for comment on which of its systems were specifically affected.
While the company says that no Social Security numbers or debit / credit card numbers were taken, the type of info that the hackers did end up getting can be very useful in social engineering attacks on other services you use. If you’ve been putting off activating two-factor authentication on some important accounts, it’s probably not a bad idea to get it done as soon as you can.
Samsung says that at the moment you don’t have to change your password, or take any specific steps to keep your Samsung products or accounts safe, as “consumer devices were not affected in connection with this incident.” However, the company does recommend keeping an eye out for any unusual activity on your account, and being extra vigilant when it comes to phishing emails.