Samsung Sued for Gobbling Up too much Personal Info that Miscreants then Stole


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
A lawsuit has accused Samsung of failing to address a cyber-intrusion in early 2022, leading to the theft of US customers' personally identifiable information (PII) in a second attack months later in July.

The suit [PDF], filed this month in a federal district court in northern California seeking class-action status, alleges Samsung unnecessarily collects PII from its customers and, as demonstrated in the aforementioned July cyber-heist, fails to adequately protect the data it collects. The theft of that customer data, which the suit claims includes personal records on more than half of Samsung's US user base, stemmed from a cyberattack against the Korean tech giant's American arm in February. In that instance, notorious cyber-extortion gang Lapsus$ stole and leaked nearly 200GB of internal documents and files from Sammy.

While no customer PII was included in the published materials, source code for, among other things, Samsung's security management framework Knox, its bootloader, and online account creation and authentication was taken. The suit alleges Samsung's failure to shore up its systems in the aftermath of that exfiltration led directly to an intrusion in July in which personal data was harvested from the chaebol's servers by miscreants.


Level 25
Top Poster
Content Creator
Jan 16, 2017

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.