LoopPay Hack
LoopPay, a subsidiary of Samsung Electronics, was targeted by a group of government-affiliated Chinese hackers early this year.
LoopPay has magnetic secure transmission (MST) technology, the core of Samsung Pay, and it was acquired by Samsung in Feb. of this year.
According to the NYT, the hackers, known as the Codoso Group or Sunshock Group, had breached the computer network of LoopPay in Burlington, Mass., in March 2015 or earlier.
LoopPay executives explained that the hackers seemed to have tried to steal the MST tech. “The attackers are believed to have broken into LoopPay’s corporate network, but not the production system that helps manage payments,” remarked Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay. He added, “Security experts are still looking through LoopPay’s systems, but there have been no indications that the hackers infiltrated Samsung’s systems or that consumer data have been exposed.”
LoopPay was unaware of the breach until it was notified by an organization in late Aug., which came across LoopPay’s data while tracking the Codoso Group in a separate investigation.
Executives at LoopPay and Samsung Pay said with confidence that they had removed infected machines, and customer payment information and personal devices were not affected by the hack.
Much attention is being paid to whether or not the hack will put a halt to the growing popularity of Samsung Pay. An official at Samsung flatly denied that the incident affected Samsung Pay.
“Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay,” said Darlene Cedres, Samsung’s chief privacy officer.