Samsung Hit With New Lawsuit in Response to Recent Breach
September 29, 2022 | 4 minutes read
In conjunction with the data breach that South Korean multinational manufacturing conglomerate Samsung experienced in February of this year, a lawsuit has recently been filed against the company in a federal district court in Northern California. Likewise, this lawsuit alleges that Samsung “was aware that the fraudsters and criminals who had access to the stolen source codes and authentication-related information (among other confidential data) could penetrate defendant’s weak systems.” For context, despite the fact that Samsung was hit with a data breach earlier this year, they did not confirm this breach until several months later in September.
To this point, in spite of the fact that Samsung has maintained that the personal information of customers was not disclosed as a result of the breach, the hackers who launched the attack were still reportedly able to access “Samsung’s security management framework Knox, its bootloader, and online account creation and authentication”, in addition to the company’s source code. Moreover, this theft of customer data also reportedly impacted more than half of Samsung’s customer base within the U.S. For this reason, many customers around the country have continued to raise issues with both the underlying security measures that enabled the breach to occur, as well as the manner in which Samsung handled the breach.
A trove of personal data
One of the major points of contention within the lawsuit that was filed against Samsung in the state of California this week is the overwhelming amount of personal data that the company collects from its customers. Much like other major corporations, Samsung requires that its users create and register their personal online accounts when using the company’s multitude of products and services. To illustrate this point further, Samsung currently sells TVs, printers, smartphones, watches, and other various forms of hardware, and any customer that purchases one of these products will be prompted to register their information when setting a particular device up for use.
As stated in the lawsuit, “Samsung collects data including names, dates of birth, addresses, geolocation data, emails, phone numbers, and device information.” What’s more, the suit also contends that this level of data collection is unnecessary, and posits that Samsung uses the personal information of its customers to “increase its profits, gather information regarding its customers, and be able to track their customers and their behaviors.” As a result, this expansive amount of data made the technology company vulnerable to the cyber attacks that they have experienced in the past few years.
Samsung’s privacy policy
On top of Samsung’s data collection and retention practices, the lawsuit also highlights the alleged ineffectiveness of the company’s privacy policy to safeguard and protect the personal information it collects. To this end, the lawsuit states that Samsung’s customers “relied to their detriment on [Samsung’s] uniform representations and omissions regarding data security, including failure to alert customers that its security protections were inadequate, and that [Samsung] would forever store Plaintiffs’ and customers’ PII, failing to archive it, protect it, or at the very minimum warn consumers of the anticipated and foreseeable data breach.” Furthermore, the suit also argues that Samsung violated consumer privacy legislation in California and Michigan respectively due to their handling of the data breach that took place.
With all this being said, the class members involved in the suit are looking for “$5,000,000 in damages and costs” from Samsung, in addition to a requirement that would force the company to submit to external review by an independent auditor. Over and above that, the lawsuit also calls on Samsung to train its employees in a more efficient fashion, particularly as it concerns the topics of cyber security and social engineering, as well as destroy any personal data the technology company is still retaining that belongs to the various class members that are part of the lawsuit, among other things.
As data breaches continue to be a frequent occurrence around the world due to the role that the internet plays in virtually every aspect of modern-day life, corporations such as Samsung will have to take a closer look at the ways in which they collect personal data, as well as the privacy policies and security mechanism that are used to protect such data. Subsequently, while the personal data of customers has proven extremely valuable for businesses such as Samsung, this information is equally important to hackers and cybercriminals that are looking to steal such data and use it for nefarious purposes.