Freely subscribe to our NEWSLETTER

As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up that was acquired by Samsung in February for more than $250 million.

LoopPay executives said the hackers appeared to have been after the company’s technology, known as magnetic secure transmission, or MST, which is a key part of the Samsung Pay mobile payment wallet that made its public debut in the United States last week.

If you are planning to cover this story, please see below for a comment from Mark Bower, global director, enterprise data security for HP Data Security.

"No-one is free from breach risk. If you store, process and collect sensitive data, especially payments and personal data, your business is on the radar of attackers, period. Forensics are a powerful tool to discover the extent of a breach, but by then the data is long gone. Any company today has to assume a breach will happen and take more advanced threat mitigation measures. The payments business has learned the lesson hard over the years, and embraced far more powerful approaches to data security than traditional perimeter and storage encryption provides. Today, the best-in-class businesses secure the data itself, not just the infrastructure, securing billions of transactions representing trillions of dollars in value with new technologies like Format-Preserving Encryption and stateless tokenization. The result is they don’t keep any live data anywhere it can be stolen. This is a huge shift from older perimeter or disk and database encryption approaches which simply can’t withstand advanced attacks like those reported in this case.”