Samsung Hit With New Lawsuit in Response to Recent Breach

September 29, 2022 | 4 minutes read
Samsung Hit With New Lawsuit in Response to Recent Breach

In conjunction with the data breach that South Korean multinational manufacturing conglomerate Samsung experienced in February of this year, a lawsuit has recently been filed against the company in a federal district court in Northern California. Likewise, this lawsuit alleges that Samsung “was aware that the fraudsters and criminals who had access to the stolen source codes and authentication-related information (among other confidential data) could penetrate defendant’s weak systems.” For context, despite the fact that Samsung was hit with a data breach earlier this year, they did not confirm this breach until several months later in September.

To this point, in spite of the fact that Samsung has maintained that the personal information of customers was not disclosed as a result of the breach, the hackers who launched the attack were still reportedly able to access “Samsung’s security management framework Knox, its bootloader, and online account creation and authentication”, in addition to the company’s source code. Moreover, this theft of customer data also reportedly impacted more than half of Samsung’s customer base within the U.S. For this reason, many customers around the country have continued to raise issues with both the underlying security measures that enabled the breach to occur, as well as the manner in which Samsung handled the breach.

A trove of personal data

One of the major points of contention within the lawsuit that was filed against Samsung in the state of California this week is the overwhelming amount of personal data that the company collects from its customers. Much like other major corporations, Samsung requires that its users create and register their personal online accounts when using the company’s multitude of products and services. To illustrate this point further, Samsung currently sells TVs, printers, smartphones, watches, and other various forms of hardware, and any customer that purchases one of these products will be prompted to register their information when setting a particular device up for use.

As stated in the lawsuit, “Samsung collects data including names, dates of birth, addresses, geolocation data, emails, phone numbers, and device information.” What’s more, the suit also contends that this level of data collection is unnecessary, and posits that Samsung uses the personal information of its customers to “increase its profits, gather information regarding its customers, and be able to track their customers and their behaviors.” As a result, this expansive amount of data made the technology company vulnerable to the cyber attacks that they have experienced in the past few years.

Samsung’s privacy policy

On top of Samsung’s data collection and retention practices, the lawsuit also highlights the alleged ineffectiveness of the company’s privacy policy to safeguard and protect the personal information it collects. To this end, the lawsuit states that Samsung’s customers “relied to their detriment on [Samsung’s] uniform representations and omissions regarding data security, including failure to alert customers that its security protections were inadequate, and that [Samsung] would forever store Plaintiffs’ and customers’ PII, failing to archive it, protect it, or at the very minimum warn consumers of the anticipated and foreseeable data breach.” Furthermore, the suit also argues that Samsung violated consumer privacy legislation in California and Michigan respectively due to their handling of the data breach that took place.

With all this being said, the class members involved in the suit are looking for “$5,000,000 in damages and costs” from Samsung, in addition to a requirement that would force the company to submit to external review by an independent auditor. Over and above that, the lawsuit also calls on Samsung to train its employees in a more efficient fashion, particularly as it concerns the topics of cyber security and social engineering, as well as destroy any personal data the technology company is still retaining that belongs to the various class members that are part of the lawsuit, among other things.

As data breaches continue to be a frequent occurrence around the world due to the role that the internet plays in virtually every aspect of modern-day life, corporations such as Samsung will have to take a closer look at the ways in which they collect personal data, as well as the privacy policies and security mechanism that are used to protect such data. Subsequently, while the personal data of customers has proven extremely valuable for businesses such as Samsung, this information is equally important to hackers and cybercriminals that are looking to steal such data and use it for nefarious purposes.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »