NEW YORK (MainStreet) — The news is frightening: sophisticated hackers got into the corporate system of Burlington, Mass. based payments innovator LoopPay, now part of Samsung and the provider of much of the brains behind Samsung Pay, its Apple Pay competitor that launched in the U.S. in late September.
Users of Samsung Pay need to ask if it remains safe to use the service.
That is why Samsung has launched a full court press to quiet consumer and merchant worries. Said the company in a statement: “Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network from Samsung Pay. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay. Samsung is extremely committed to securing and protecting user data to the highest industry standards.”
Experts readily dissected the Samsung statement.
“Samsung is clearly trying to downplay what occurred,” said Peter Toren, cybersecurity attorney with Weisbrod Matteis & Copley in Washington, D.C. and author of Intellectual Property and Computer Crimes (Law Journal Press, 2015). Toren threw out two key questions that yet to have been answered: “How long were the hackers in the system? What were they trying to accomplish?” He suggested that Samsung’s comparative stinginess with details is a barrier to feeling reassured.
Christopher Budd, a security expert with Trend Micro, tossed out a more worrisome thought: “It looks as though Samsung may have been the ultimate target.” His thinking: proven hacker methodology is to find a weak link - an HVAC contractor, say - and leverage from that system into the objective. For example, the Target breach happened, in part, because of weaknesses at its HVAC contractor. That is a standard gambit. So maybe LoopPay could have led into Samsung - but there is no proof that occurred.