Almost immediately after a report about a security breach on LoopPay emerged, Samsung issued a statement to assure users that its premium payment service was not affected in the incident.
The South Korean-tech giant also confirmed that its subsidiary has already taken the necessary steps to handle the cyber attack.
On October 7, the New York Times reported that LoopPay was targeted by government-backed hackers from China known as Codoso Group or Sunshock Group. The site then noted that the incident could affect Samsung Pay since aside from relying on the same technology, LoopPay, a start-up firm based in Massachusetts, is owned by Samsung. The smartphone maker bought the company for $250 million in February of this year.
However, a month after the acquisition, the Codoso Group was already able to infiltrate LoopPay's systems. However, the data breach was only discovered on August 21, more than a month after Samsung launched the Samsung Pay service in the U.S.
But, as noted by Samsung, the attack only targeted the network office of LoopPay, which handles the firm's email systems, printing operations and file servers. The company also stressed that Samsung Pay relies on a different network which was not breached during the hack.
In addition, Samsung explained that its mobile-based payment service uses encrypted tokens which cannot be replicated by hackers, according to Android Community.
"This network is physically separate from the production network that handles payment transactions and run by Samsung," the company said in a statement.
"We're confident that Samsung Pay is safe and secure," Samsung continued. "Each transaction uses a digital token to replace a card number. The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can't see or store the actual card data."
The consumer electronics company also stated the LoopPay has already resolved the matter with the help of two independent security teams. These professionals were already able to quarantine the affected devices and networks and installed additional security systems.
As for LoopPay, Will Graylin, the company's CEO, said that the hackers were not able to access the firm's customer data or any financial information. He also said that if the hackers attempt to use LoopPay's technology to create a service similar to Samsung Pay, the company will file a patent lawsuit.
Despite the reassuring statements from LoopPay and Samsung, security experts believe it's too early to downplay the effects of the hackers' attack since they were inside the former's network for around five months before being discovered. Currently, there is no way of telling if the Codoso Group was or was not able to accomplish their objective during that period.
