Vendor Risk Management

Samsung / LoopPay Breach Illustrates Third-Party Cyber Risks for Enterprises

Noah Simon | October 13, 2015

Last week, it was announced that LoopPay (now a Samsung subsidiary) was the victim of a data breach. LoopPay’s technology is apparently central to Samsung’s mobile payment system, yet Samsung said the breach has not affected the Samsung Pay technology. While the LoopPay breach did not extend to Samsung’s networks, the case illustrates how enterprises must evaluate security throughout the entire lifecycle of a relationship with a business partner, vendor, supplier, or portfolio member.

According to the New York Times, the breach of LoopPay dates back to March, yet it was recently discovered in August. Samsung bought the company for roughly $250 million in February, just one month before the reported breach. Acquisitions have long been targeted for cyber attacks before joining a parent company.

In August 2014, Viator (a tour booking company) was bought by TripAdvisor. Just a few weeks later, Viator was notified by its payment card service provider that unauthorized charges occurred on many of its customers credit cards. The breach affected 1.4 million users and led to a four percent drop in TripAdvisor’s stock when the news broke.

For Samsung, the acquisition of LoopPay was integral to compete with mobile payment technologies like Apple Pay and Android Pay. These breaches illustrate how security incidents in a third party can spread to the parent company. Furthermore, they illustrate how reputation, revenue, and strategic initiatives can suffer from these setbacks.

Find out how BitSight Security Ratings can be used to mitigate risks in mergers and acquisitions transactions.

Third Party Risk Management

 

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...

READ MORE »

FBI Alerts Companies of Cyber Attacks Aimed at Supply Chains

Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to...

READ MORE »

Guide: Fourth-Party Cyber Risk & Management

In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party...

READ MORE »

Subscribe to get security news and updates in your inbox.