SecurityWeek reports that Samsung has been hit with a class-action lawsuit following two data breaches this year.
Samsung has been accused of inadequately protecting unnecessarily collected user data, which then resulted in successive breaches, with the lawsuit claiming that various Samsung electronics products had certain functions intentionally disabled unless users provide personally identifiable information.
Samsung was initially compromised by the Lapsus$ threat group early this year, which claimed to have exfiltrated 190GB of data, including Galaxy device source code and more than 6,000 secret keys. The lawsuit alleged that the breach's impact was downplayed with Samsung's assertions that it only impacted source code related to Galaxy devices.
Meanwhile, the second cyberattack against Samsung in July, which exposed U.S. customers' personal data, could have been averted by the company, claimed the suit.
"It is believed that greater than half of Samsung's U.S. consumers had their [personal identifiable information] compromised in the breach," said the lawsuit.
A healthcare provider can have all the elements in place, but without context, prioritization of systems, and well-practiced incident response plan, the effectiveness of well-laid processes are limited.