A recently filed class lawsuit blames Samsung for failing to safeguard personally identifiable information (PII) and notify the affected parties on time.
In the complaint filed to the US District Court for Nevada, plaintiff Shelby Harmer individually and on behalf of other affected customers, accused Samsung of negligence and invasion of privacy, among other things.
“Defendant’s notice of Data Breach was not just untimely but woefully deficient, failing to provide basic details,” the complaint reads.
Over 3,000 customers were affected by the breach.
The class action is brought on behalf of Samsung’s customers whose PII was stolen during the security breach in late July. The company only disclosed the security incident on September 2. Samsung said that an unauthorized party acquired information from some of Samsung’s US systems.
In some cases, the issue might have affected information such as name, contact and demographic information, date of birth, and product registration information. Samsung assured that Social Security, debit, and credit card numbers were not stolen.
“Plaintiff and all of the Class Members are currently at a very high risk of misuse of their Private Information in the coming months and years, including but not limited to unauthorized credit card charges, unauthorized access to email accounts, identity theft, and other fraudulent use of their financial accounts,” the complaint reads.
This is not the first time the company has fallen victim to a cyberattack this year. This March, a hacker collective, Lapsus$, claimed it had obtained source code for both activation servers and technology used to authenticate accounts, as well as algorithms for all biometric unlock operations.
At the time, Samsung downplayed the incident, anticipating no impact on its business and customers. The breach allegedly involved some source codes relating to the operation of Galaxy devices.
More from Cybernews:
Subscribe to our newsletter