Samsung’s mobile payments acquisition LoopPay breached by hackers
A report on Wednesday revealed that LoopPay, the U.S.-created mobile payment system acquired by Samsung in February, was the target of a hacker attack in March.
But the most interesting wrinkle in the story is the fact that the hackers who executed the attack on the South Korea-based company appear to be from China, thus framing the incident as a case of international, possibly corporate, espionage, rather than just another hack.
Details of the hacking attack surfaced in a New York Times report, which claims that the Chinese hacker group the Codoso Group had breached the LoopPay computer network. The breach was discovered in August, giving the hackers a full five months access to the network.
“Samsung Pay was not impacted and at no point was any personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy officer, told Mashable in an emailed statement.
“This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network from Samsung Pay. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay. Samsung is extremely committed to securing and protecting user data to the highest industry standards.”
Nevertheless, the report of the breach comes at a particularly bad time for Samsung, which just launched its Samsung Pay product in the U.S. last week.
According to Samsung, no personal payment information was ever at risk. Instead, it appears the hackers were after details on LoopPay’s magnetic secure transmission (MST) technology. Samsung is using MST in conjunction with its wireless NFC technology to allow mobile payments on older systems that rely on older magnetic stripe card-style payment systems.
Another notably unique detail in the Times report is the fact that LoopPay has not alerted law enforcement officials to the breach, reportedly due to the fact that no financial or consumer data was stolen.
In addition to the statement obtained by Mashable, Samsung also published a blog post reaffirming the safety of the Samsung Pay system.
“As soon as the incident was discovered, LoopPay followed their standard incident response procedures and acted immediately and comprehensively. LoopPay brought in two independent professional security teams,” reads the blog post. “Again, Samsung, Samsung Pay, and Samsung users were not affected.”