A group of government-affiliated Chinese hackers attacked LoopPay, a technology firm behind Samsung Pay, the mobile payment system of Samsung Electronics.
The New York Times reported that the Chinese hackers known as Codoso Group or Sunshock group breached the computer network of LoopPay in March before Samsung Electronics acquired the tech firm for $250 million.
Chinese hackers were after the MST technology on Samsung Pay
According to the executives of LoopPay, the Chinese hackers tried to steal, or they were after the company’s magnetic secure transmission (MST) technology, a major part of Samsung Pay.
Will Graylin. CEO of LoopPay and co-general manager of Samsung pay said the hackers accessed the company’s corporate network but failed to breach its production system that helps manage payments. He added that the hackers did not access Samsung’s system and consumer data.
The South Korean electronics giant launched Samsung Pay in the United States last week, September 28. Samsung Pay just like other mobile payment systems allows users to pay for products and services using their smartphones integrated with near-field communications technology.
The New York Times noted that LoopPay’s MST technology has the advantage because it works with older payment systems by imitating a commonly used magnetic stripe card.
LoopPay and Samsung resolved the issue immediately
LoopPay discovered the cyber attack in late August when a security organization tracking Codoso Group came across the company’s data in a separate investigation. The company hired two private forensic teams to investigate the hacking incidents.
According to Mr. Graylin, the company did not notify law enforcement agencies regarding the cyber attack because of its belief that no customer data or financial information was compromised or stolen.
LoopPay and Samsung removed all the machines affected by the hacking incident. The companies’ executives were confident that the personal devices and payment information of customers were not affected.
Samsung’s chief privacy officer, Darlene Cedres said, “Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.”