SecurityWeek reports that Samsung has been hit with a class-action lawsuit following two data breaches this year.
Samsung has been accused of inadequately protecting unnecessarily collected user data, which then resulted in successive breaches, with the lawsuit claiming that various Samsung electronics products had certain functions intentionally disabled unless users provide personally identifiable information.
Samsung was initially compromised by the Lapsus$ threat group early this year, which claimed to have exfiltrated 190GB of data, including Galaxy device source code and more than 6,000 secret keys. The lawsuit alleged that the breach's impact was downplayed with Samsung's assertions that it only impacted source code related to Galaxy devices.
Meanwhile, the second cyberattack against Samsung in July, which exposed U.S. customers' personal data, could have been averted by the company, claimed the suit.
"It is believed that greater than half of Samsung's U.S. consumers had their [personal identifiable information] compromised in the breach," said the lawsuit.
BleepingComputer reports that multinational building automation conglomerate Johnson Controls had its operations, as well as those of its subsidiaries, disrupted by a significant ransomware attack claimed by the Dark Angels ransomware operation over the weekend that compromised its VMware ESXi servers and various other devices.