Samsung said on Monday that it experienced a security breach which compromised internal data, including the operating source code for its Galaxy smartphones.
According to Bloomberg, hacking group Lapsus$ breached Samsung's data over the weekend. The group reportedly posted a file with 190GB of the company's data on Friday on its Telegram channel. The data trove included Galaxy smartphone source code, exposing device security mechanisms like Samsung's biometric authentication for unlocking its smartphones. That means the hackers could discover vulnerabilities in the source code for those security features.
A Samsung spokesperson confirmed to Protocol in an email that the breach leaked Galaxy smartphone source code, but said personal information was not included in the data trove.
"We were recently made aware that there was a security breach relating to certain internal company data," the Samsung spokesperson said in a statement to Protocol. "Immediately after discovering the incident, we strengthened our security system."
The spokesperson said the company doesn't expect any impact to customers or the business, and has implemented measures to prevent future incidents. The company did not identify Lapsus$ as the group responsible for the breach.
Lapsus$ also reportedly made off with data from chipmaker Qualcomm, which makes smartphone CPUs for Samsung phones in the U.S.
Lapsus$ also claimed responsibility for a breach of chipmaker Nvidia's data in late February, which reportedly "completely compromised” its internal systems, leaking employee credentials and proprietary information. The hacking group has claimed it has taken a terabyte of Nvidia's data, according to PCMag, and demanded a payment in cryptocurrency and that it make its drivers open source to prevent more leaks. It is unclear whether Samsung received similar demands from the group.
Nvidia told The Verge and other outlets that it doesn't expect "disruption to [its] business or our ability to serve our customers" due to the breach, and has upped security and notified law enforcement.