Skip to main content
  1. Home
  2. Mobile
  3. News

Samsung Pay wasn’t breached in state-sponsored LoopPay hack, executives say

By

samsung pay first us birthday mobile payment
Image used with permission by copyright holder
LoopPay — the Massachusetts-based company that Samsung acquired in February and the developer behind one of Samsung Pay’s core technologies — stores a lot of valuable data behind its virtual walls. Data so valuable, in fact, that the company’s servers were recently the target of state-sponsored hackers. The New York Times reports that as early as March, a team of government-affiliated Chinese hackers known as the Codoso Group managed to infiltrate LoopPay’s corporate network.

The apparent target of the breach was LoopPay’s technology. Unlike Apple Pay and Android Pay, LoopPay uses magnetic secure transmission (MST), a radio-based mechanism that wirelessly emulates a credit card swipe. While most tap-and-pay mobile wallets require a point-of-sale system with near-field communication (NFC) capabilities, Samsung says MST works with with “90 percent” of legacy terminals in use by U.S. retailers.

Recommended Videos

“Samsung Pay was not impacted and at no point was any personal payment information at risk.”

LoopPay, which became aware of the breach in late August, told the New York Times an ongoing investigation had found no evidence that the hackers accessed sensitive customer data. Will Graylin, LoopPay chief and co-general manager of Samsung Pay, told the Times that the group wasn’t able to breach the system that stores payment information. Samsung executives echoed those assurances.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” said Samsung’s chief privacy officer Darlene Cedres in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.” Samsung also said the breach won’t impact the U.S. rollout of Samsung Pay, which began a little over a month ago.

Some security analysts believe the extent of the damage may take weeks to uncover. The Codoso Group had access to LoopPay’s corporate servers for five months before a third-party company stumbled upon signs of the breach. And in an attack on Forbes perpetrated by the Codoso Group last November, later forensics revealed the presence of resilient backdoors to the news organization’s infrastructure.

LoopPay has hired two private security teams to investigate the breach. The company hasn’t notified law enforcement because it believes “no customer data or financial information had been stolen,” the Times reports.

The hack is the latest in a series of Chinese attacks on high-profile U.S. targets. A breach of the U.S. Office of Personnel Management’s (OPM) network in June affected four million state employee records, and in 2011, a Chinese state-affiliated group managed to breach the U.S. Chamber of Commerce.

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Samsung Galaxy Watch 7 Ultra: news, rumored price, release date, and more
Taking a blood pressure measurement on the Samsung Galaxy Watch 6 Classic.

Samsung has a strong presence in the smartwatch market with its Galaxy Watch series, which includes the Galaxy Watch 6 and the Galaxy Watch 6 Classic. The company is expected to launch the Galaxy Watch 7 and Galaxy Watch 7 Classic later this year. However, rumors suggest that Samsung is also working on a new addition to its smartwatch lineup — the Samsung Galaxy Watch 7 Ultra.

Information about this watch is sparse at the moment. However, that should change as we approach a launch date. Here's the latest information on the Galaxy Watch 7 Ultra.
Samsung Galaxy Watch 7 Ultra: release date

Read more
AT&T now makes you pay even more for its fastest 5G speeds
A photo of the AT&T logo on a building.

We have bad news for AT&T customers who always expect to get the fastest 5G speeds. The second-largest carrier in the U.S. will now make you pay extra for the fastest option. On Thursday, AT&T announced its new “Turbo” add-on, which it says will provide “enhanced data connectivity for real-time responsiveness.”

What this means in terms of network speeds compared to what everyday AT&T 5G customers get isn’t exactly clear.

Read more
How to find your phone number on iPhone or Android
Someone holding up an iPhone 14 to their ear.

Let's face it: Most of us don't call our own phones very often. If you're like most people, this means you probably don't know your own phone number off-hand, especially if you rarely give it out to people or haven't had it for long, such as after setting up a new account or changing your number after moving to a new town.

To make things even more complicated, many modern smartphones let you set up more than one line using an eSIM, which gives you more than one number to remember.

Read more