Sign up to our newsletter
Following a report from the New York Times that Samsung’s new mobile payment system acquisition was attacked by cybercriminals, the tech giant has reassured its customers that there is no need to be concerned.
In an official statement that directly addressed the article, it said that Samsung Pay was not affected by the isolated incident at LoopPay.
It added that the attack was focused on the LoopPay office network, which is completely independent of the production network that is native to Samsung Pay.
“As soon as the incident was discovered, LoopPay followed their standard incident response procedures and acted immediately and comprehensively,” the South Korean company elaborated.
“LoopPay brought in two independent professional security teams. LoopPay immediately identified and quarantined the targeted devices, conducted a thorough and extensive sweep of LoopPay’s entire system, and put additional safeguards in place.”
Samsung went on to say that it is is confident that Samsung Pay is “safe and secure” because the security around the system is robust.
For example, the mobile payment system uses a digital and encrypted token to replace a card number for every transaction – this is entirely unique and cannot be repeated.
The New York Times article revealed that the attack on LoopPay’s production system took place in March of this year. It was only discovered in August.
It reported that the cybercriminals behind the incident are thought to be the Codoso Group (also known as the Sunshock Group), which counts Forbes as one of its victims.
“Once Codoso compromises their targets — which range from dissidents to C-level executives in the US — they tend to stay there for quite a long time, building out their access points so they can easily get back in,” John Hultquist, head of intelligence on cyberespionage at iSight Partners, told the news provider.
“They’ll come back to a previous organization of interest again and again.”
Author Karl Thomas, ESET