
Samsung has confirmed a security breach after hackers obtained and leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.

The Lapsus$ hacking group, the same group that infiltrated Nvidia and subsequently published thousands of employee credentials online, took responsibility for the breach. In a post on its Telegram channel, Lapsus$ claims to have obtained source code for trusted applets installed in Samsung’s TrustZone environment, which Samsung phones use for performing sensitive operations; algorithms for all biometric unlock operations; and bootloader source code for all current Samsung Galaxy devices.

The stolen data also allegedly includes confidential data from U.S. chipmaker Qualcomm, which supplies chipsets for Samsung smartphones sold in the United States.

Access to source code can help threat actors find security vulnerabilities that otherwise might not be easily found, potentially opening affected devices or systems to exploitation or data exfiltration.

A spokesperson for Samsung confirmed a “security breach” related to some internal company data but said the hackers accessed no personal data belonging to customers or employees.

“According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees,” Samsung said. “Currently, we do not anticipate any impact on our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

When reached, Qualcomm said it was aware of an incident reportedly involving Samsung. “We take these claims very seriously and are working expeditiously with Samsung to understand the scope of the incident and confirm what Qualcomm data, if any, have been impacted. We have no reason to believe that Qualcomm systems or security were impacted due to this reported incident,” said Qualcomm spokesperson Clare Conley.

It’s unclear whether Lapsus$ demanded a ransom from Samsung before leaking the data, as it did with increasingly bizarre demands aimed at Nvidia. The gang called on the U.S. chipmaker to disable its controversial Lite Hash Rate (LHR) feature and demanded it open-source its graphics chip drivers for macOS, Windows, and Linux devices.

That deadline came on Friday, but the hacking group has yet to follow through with its threat.
