Samsung revealed that LoopPay, the startup company that it acquired earlier in the year for $250 million, was the target of a hacking attack.
LoopPay, which developed part of the technology behind Samsung's mobile payment system Samsung Pay, was targeted by the Codoso Group. The hacking group is sponsored by the government of China.
The hackers, also known as the Sunshock Group, breached LoopPay's computer network as early as March, just a month after the company was acquired by Samsung.
According to executives of LoopPay, the hackers seem to have targeted the technology of the company, known as magnetic secure transmission, which is an integral component of Samsung Pay.
The magnetic secure transmission technology of LoopPay provided Samsung Pay with an enormous advantage over rival mobile payment systems Apple Pay and Google's Android Pay. While all the systems allowed users to make purchases using near-field communications technology, Samsung Pay also worked with the older payment systems through the emulation of magnetic stripe cards.
LoopPay only found out about the data breach in August, when an organization discovered data from LoopPay as it was tracking the activities of the Codoso Group.
It is believed that while the hackers were able to breach the corporate network of LoopPay, the group was not able to infiltrate the production system of the company. According to LoopPay CEO and Samsung Pay co-general manager Will Graylin, there is no indication that the attackers were able to jump to the systems of Samsung and compromise user data.
In a statement, Samsung reiterated that users should not be worried about being affected by the data breach on LoopPay.
"The first thing to know is that Samsung Pay was not impacted and at no point was any personal payment information at risk," Samsung said in the statement, adding that the office network of LoopPay is physically separated from the network that runs Samsung Pay.
However, security experts are saying that it is too early to conclude what the hackers were and were not able to do, as they were within the corporate network of LoopPay for a long period of five months before they were found out. In addition, the Codoso Group is notorious for keeping a hidden foothold in the systems of its victims, with the group known for planting hidden back doors in systems to be able to continue their breaching activities well after the first infiltration.
The news comes at an especially bad time for Samsung, spoiling the excitement generated by the company as it released expectations of posting its first quarterly profit gain in two years.