In less than two weeks since Samsung Pay was launched in the US, reports suggest that hackers had attacked Samsung subsidiary LoopPay in March this year. The attack, however, did not affect Samsung Pay.
According to The New York Times, LoopPay was targeted by "a group of affiliated Chinese hackers" known as the Codoso or Sunshock Group. The hackers breached the computer network of the Massachusetts subsidiary to gain access to its proprietary magnetic secure transmission (MST) technology, which is key to the South Korea-based company's mobile payments app.
Samsung and LoopPay executives have confirmed that the hack had taken place. However, in a separate statement, Samsung's chief privacy officer Darlene Cedres has said that the LoopPay attack had no connection with the mobile payment app. The company is considering the attack as a "corporate network issue".
"Samsung Pay was not impacted and at no point was any personal payment information at risk," Cedres said. "This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay."
Samsung Pay operates on its own mobile division and was physically on a separate network to the one that LoopPay uses. The Korean giant had acquired the mobile payments startup for more than $250m (£163.2m). Samsung Pay is available on some flagship Galaxy devices including the Galaxy Note 5 and Galaxy S6 Edge+.
Further, LoopPay had hired two private forensics teams to investigate the breach in August, a month before Samsung Pay was launched in the US. But, LoopPay's chief executive and co-general manager of Samsung Pay, Will Graylin, was quoted as saying: "...it has not yet notified law enforcement about the attack".
Samsung had acquired LoopPay to take on Apple Pay and Android Pay, and since the service has got MasterCard Digital Enablement system integrated it is likely to reach European markets in the due course of time.