Tech Company Central To Samsung Pay’s System Breached, Consumer Info Not Targeted

Mobile payment software company LoopPay – which provides much of the nuts and bolts for Samsung Pay – announced Wednesday that it became the victim of a hack attack back in March. Despite the breach, Samsung and its smaller subsidiary assured users of its mobile payment system their information was never at risk. 

The breach, which occurred just a month after Samsung acquired the Massachusetts-based tech company, focused on LoopPay’s corporate computer network and technology known as magnetic secure transmission (MST) – a key component of the Samsung Pay wallet, the New York Times reports.

“Samsung Pay was not impacted and at no point was any personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy officer, said in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network.”

LoopPay’s chief executive and co-general manager of Samsung Pay, Will Graylin, reiterated to the Times that the breach failed to come into contact with any production system that actually manages payments.

The hack was first discovered in late August when LoopPay’s data was found during a separate investigation into a Chinese hacking group known as Codoso Group.

While the investigation into the breach is ongoing, both Samsung and LoopPay executives tell the Times they are confident infected machines were removed.

Still, security experts tell the Times that it may be premature to say the hackers had been eradicated from the system.

Because they were inside LoopPay’s network undetected for five months and the sophisticated nature of the hacker group, the experts say it’s possible that they planted hidden back doors across the network to continue infiltrations after the initial breach.

Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay [The New York Times]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.