Samsung could be Vulnerable from Hack on LoopPay Subsidiary

October 22, 2015//Ellen Neveux

Last Updated: May 30, 2018

Hackers based in China have compromised the network of LoopPay—a Samsung subsidiary responsible for the mobile payment technology that supports Samsung Pay. Are users of Samsung devices and this new payment app at risk?

It’s a strong possibility.

In September of this year, electronics conglomerate Samsung launched Samsung Pay, a mobile pay method for Samsung devices available over certain mobile carriers. Released first in South Korea, Samsung Pay processed more than $30 million in transactions prior to launch in the United States.

Just two weeks later, Samsung subsidiary LoopPay announced that its corporate network suffered a security breach as early as March of this year. The breach was not discovered until August.

LoopPay vendor risk raises questions about integrity of Samsung enterprise IT

After the data breach at LoopPay became public, Samsung announced that its Pay technology operates from a mobile division at Samsung—not through the LoopPay network. However, the LoopPay breach remains under active investigation despite this reassurance.

According to a recent article in The New York Times, the facts currently known about the breach include:

  • A group of nation-state hackers from China called the Codosco Group infiltrated LoopPay in March, apparently seeking sensitive information on LoopPay’s magnetic secure transmissions technology (MST). Samsung Pay utilizes this technology.
  • The data breach was not discovered by LoopPay, or Samsung. Instead, the breach was discovered by an outside party tracking Codesco on the internet.
  • Codesco is known to build invisible “back door” access points into the network systems of its victims where it can return at a later date.

Samsung Pay launched just weeks after the breach was discovered, and before a full investigation could be completed. While Samsung states its enterprise IT was not compromised, it is not known when—or if—the extent of the LoopPay breach will be known or disclosed.

Manage vendor risk and remote access with secure solutions

The competition for supremacy in smartphones and cashless transactions is intense. In mobile payments, a slight edge could mean a significant windfall for Apple, Android, or Samsung. By the same token, loss of consumer confidence through a data breach could prove very costly.

Make sure your enterprise data is safe and access to your network is secure. When you need the right security solutions for the healthcare, business, legal or other industry, contact SecureLink.

Request a demo to see how to protect your enterprise data. 

Subscribe to the SecureLink Blog.
close close