Samsung Officially Acknowledges Hacking Damage to International Organization... Cooperates with Government and KISA

Ministry of Science and ICT: "No Similar Domestic Company Damage Cases Found"

Samsung Electronics achieved a record high performance with annual sales exceeding 279 trillion won. Samsung Electronics announced on the 7th that, based on its preliminary consolidated results for last year, sales reached 279.04 trillion won, and operating profit was 51.57 trillion won. The photo shows the Samsung Electronics Seocho building. Photo by Mun Ho-nam munonam@

[Asia Economy Reporter Cha Min-young] Samsung Electronics has officially acknowledged that it was targeted by a hacking attack from the global hacking group Lapsus$ and has joined forces with the government to respond to the hacking damage. However, it drew a clear line by stating that there was no leakage of personal information of employees or customers.

According to the industry and the Ministry of Science and ICT on the 8th, Samsung Electronics announced through an internal notice around 4 p.m. the previous day, "The company recently detected an external attempt to steal information and immediately activated a response system by strengthening security systems through the company-wide Information Security Center and the MX (Mobile Experience) Business Division Security Team."

Samsung Electronics stated, "The leaked data confirmed so far includes some source code necessary for Galaxy operation, but it does not contain personal information of employees or customers," adding, "We are taking all possible measures to block additional information leaks and protect employees and customers."

Samsung Electronics later reported the damage to the Korea Internet & Security Agency (KISA) around 4:30 p.m. According to Article 48 of the Information and Communications Network Act, providers of information and communication services are required to report related incidents immediately to the Korea Communications Commission or KISA upon occurrence of a breach.

The government, upon recognizing the damage, also took action. A Ministry of Science and ICT official said, "As Samsung disclosed, it is understood that the leaked content does not include personal information of employees or consumers," adding, "No similar damage cases involving domestic companies have been found so far."

The professional hacker group Lapsus$ announced on the 5th (local time) that the stolen data amounted to 190GB and posted it on the file-sharing program Torrent. The source code Samsung Electronics claims was hacked by Lapsus$ includes hardware and online services. It is known to contain algorithms for Samsung smartphone biometric authentication and bootloader source code that bypasses some operating system controls.

Lapsus$ is a criminal organization that hacked the U.S. semiconductor company Nvidia. On the 1st (local time), they hacked Nvidia's servers, stealing GPU circuit diagrams and important materials, and are reportedly negotiating.