Skip to main content

Samsung Pay wasn’t breached in state-sponsored LoopPay hack, executives say

samsung pay first us birthday mobile payment
Image used with permission by copyright holder
LoopPay — the Massachusetts-based company that Samsung acquired in February and the developer behind one of Samsung Pay’s core technologies — stores a lot of valuable data behind its virtual walls. Data so valuable, in fact, that the company’s servers were recently the target of state-sponsored hackers. The New York Times reports that as early as March, a team of government-affiliated Chinese hackers known as the Codoso Group managed to infiltrate LoopPay’s corporate network.

The apparent target of the breach was LoopPay’s technology. Unlike Apple Pay and Android Pay, LoopPay uses magnetic secure transmission (MST), a radio-based mechanism that wirelessly emulates a credit card swipe. While most tap-and-pay mobile wallets require a point-of-sale system with near-field communication (NFC) capabilities, Samsung says MST works with with “90 percent” of legacy terminals in use by U.S. retailers.

“Samsung Pay was not impacted and at no point was any personal payment information at risk.”

LoopPay, which became aware of the breach in late August, told the New York Times an ongoing investigation had found no evidence that the hackers accessed sensitive customer data. Will Graylin, LoopPay chief and co-general manager of Samsung Pay, told the Times that the group wasn’t able to breach the system that stores payment information. Samsung executives echoed those assurances.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” said Samsung’s chief privacy officer Darlene Cedres in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.” Samsung also said the breach won’t impact the U.S. rollout of Samsung Pay, which began a little over a month ago.

Some security analysts believe the extent of the damage may take weeks to uncover. The Codoso Group had access to LoopPay’s corporate servers for five months before a third-party company stumbled upon signs of the breach. And in an attack on Forbes perpetrated by the Codoso Group last November, later forensics revealed the presence of resilient backdoors to the news organization’s infrastructure.

LoopPay has hired two private security teams to investigate the breach. The company hasn’t notified law enforcement because it believes “no customer data or financial information had been stolen,” the Times reports.

The hack is the latest in a series of Chinese attacks on high-profile U.S. targets. A breach of the U.S. Office of Personnel Management’s (OPM) network in June affected four million state employee records, and in 2011, a Chinese state-affiliated group managed to breach the U.S. Chamber of Commerce.

Editors' Recommendations

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Does the OnePlus 12 have a headphone jack?
OnePlus 12 in green and white.

OnePlus has been a popular choice for people seeking high-quality, affordable smartphones. With the launch of its latest offering, the OnePlus 12, it's time for OnePlus fans to pay close attention. While the device has only been launched in China so far, fans across the globe are eagerly waiting for its release in their respective countries.

For those who rely on wired headphones or earbuds, the presence of a headphone jack is a crucial factor in their decision to purchase a new device. While some manufacturers have done away with the jack, others have opted for alternative solutions like USB-C or wireless options.

Read more
2023 was the best year for Google Pixel devices yet
A person holding the Google Pixel 8.

Almost all of Google’s Pixel device releases in 2023 have been winners, making this the best year for Pixel yet.

Don’t believe me? It's true! Here’s what Google has done with its mobile hardware and software over the past months that allows me to make such a bold claim.
This isn't about the Pixel 7 series

Read more
Want to make a movie on your iPhone? Experts told me their secrets
Someone using the camera app on the iPhone 15 Pro Max.

“The phone in your pocket is a time machine. Take it out, point the camera, and shoot important moments in your life. It’s your very own film,” says Victoria Mapplebeck, a Department of Media Arts professor at the Royal Holloway University of London. She knows a thing (or two) about making films with a smartphone.

Victoria won the BAFTA honors in the Short Form Programme category in 2019 for her film Missed Call. It was shot on an iPhone X, one of the first films to showcase the might of smartphone filmmaking.

Read more