Samsung confirms data breach after hackers leak internal source code

Samsung on Tuesday has confirmed a data breach after hackers leak internal source code.

Reportedly, hackers have obtained and leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.

A spokesperson for the South Korean giant company Samsung confirmed a “security breach” related to some internal company data but said no personal data belonging to customers or employees were accessed by the hackers.

“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” Samsung said.

“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

A hacking group  Lapsus$ has claimed responsibility for the breach.

It is reported to be the same group that infiltrated Nvidia and subsequently published thousands of employee credentials online. 

In a post on its Telegram channel, Lapsus$ has claimed to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for performing sensitive operations, algorithms for all biometric unlock operations, and bootloader source code for all recent Samsung Galaxy devices.

It is not clear yet whether Lapsus$ demanded a ransom from Samsung before leaking the data.