The industry leader in technology, electronics, and smartphone producer, Samsung reported a data breach in its system. Earlier, the company was hit by a cyberattack in late July 2022. In August, the company discovered that a group of threat actors accessed its systems and breached customer personal data. 

The hackers had access to Samsung customers’ personal details including contacts, product registration data, dates of birth, and demographic information. However, the company said that the Social Security or credit card numbers were safe from the security breach. 

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that the personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement...” 

“…We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information,” reads a notice published by the company. 

The company further added that the information exposed for each relevant customer may vary, however, the company has started notifying impacted customers, and also advised them to remain cautious of any unrecognized and illegal communications that ask for their personal credentials or refer them to a web page asking for personal information. Customers must also review their accounts for suspicious and unsolicited activity. Besides, they should avoid clicking on links or downloading attachments from unrecognized and suspicious emails

Furthermore, Samsung claims to have detected the vulnerability in the system caused by the attack and to have taken measures to secure the impacted systems. Also, the company hired a leading cybersecurity firm to investigate the matter and report it to law enforcement.

According to a new report by the Brazilian Federal Audit Court (TCU), several federal government agencies in Brazil are at a high risk of cyberattacks. Federal government agencies need to reassess their approach to handling cybersecurity threats, the report reads. 

Report points out the number of areas at high risk but one of the biggest problems in the cybercrime section that the report has uncovered is the lack of backups while dealing with cyberattacks. 

A group of 29 areas that represent a high risk in terms of vulnerability, mismanagement, abuse of power, or need for drastic changes was discovered. 

Backups are very important and help against various forms of attack, as well as mistakes and mishaps. The most obvious one of those would be ransomware attacks. 

When systems are hacked and are locked up, a data backup could be the respite you’re looking for to restore the data stored on your devices. 

Additionally, the report cited the data; 

 • 74.6% of organizations (306 out of 410) do not have a formally approved backup policy—a basic document, negotiated between the business areas (“owners” of the data/systems) and the organization’s IT, with a view to disciplining issues and procedures related to the execution of backups. 

• 71.2% of organizations that host their systems on their own servers/machines (265 out of 372) do not have a specific backup plan for their main system. 

• 60.2% of organizations (247 out of 410) do not keep their copies in at least one non-remotely accessible destination, which carries a risk that, in a cyberattack, the backup files themselves end up being corrupted, deleted, and/or encrypted by the attacker or malware, rendering the organization’s backup/restore process equally ineffective. 

 • 66.6% of organizations that claim to perform backups (254 out of 385), despite implementing physical access control mechanisms to the storage location of these files, do not store them encrypted, which carries a risk of data leakage from the organization, which can cause enormous losses, especially if it involves sensitive and/or confidential information. 

Further, the researchers said that the federal government cannot respond to and treat cybersecurity attacks adequately. Also, there are several vulnerabilities in both information security and cybersecurity across most central bodies.