Vendor Risk Management

Samsung / LoopPay Breach Illustrates Third-Party Cyber Risks for Enterprises

Noah Simon | October 13, 2015

Last week, it was announced that LoopPay (now a Samsung subsidiary) was the victim of a data breach. LoopPay’s technology is apparently central to Samsung’s mobile payment system, yet Samsung said the breach has not affected the Samsung Pay technology. While the LoopPay breach did not extend to Samsung’s networks, the case illustrates how enterprises must evaluate security throughout the entire lifecycle of a relationship with a business partner, vendor, supplier, or portfolio member.

According to the New York Times, the breach of LoopPay dates back to March, yet it was recently discovered in August. Samsung bought the company for roughly $250 million in February, just one month before the reported breach. Acquisitions have long been targeted for cyber attacks before joining a parent company.

In August 2014, Viator (a tour booking company) was bought by TripAdvisor. Just a few weeks later, Viator was notified by its payment card service provider that unauthorized charges occurred on many of its customers credit cards. The breach affected 1.4 million users and led to a four percent drop in TripAdvisor’s stock when the news broke.

For Samsung, the acquisition of LoopPay was integral to compete with mobile payment technologies like Apple Pay and Android Pay. These breaches illustrate how security incidents in a third party can spread to the parent company. Furthermore, they illustrate how reputation, revenue, and strategic initiatives can suffer from these setbacks.

Find out how BitSight Security Ratings can be used to mitigate risks in mergers and acquisitions transactions.

Third Party Risk Management

 

Suggested Posts

Third-Party Risk Management Best Practices for Enterprise

Companies are becoming increasingly reliant on third-party relationships, and cyber attacks originating in the systems of third parties are on the rise.

READ MORE »

Airbus Incident Shines Spotlight on Third-Party Vendor Security Risks

2019 has been a year of high-profile attacks, and, as we predicted, it’s only getting worse. That’s certainly the case for Airbus.

READ MORE »

A Vendor Risk Management Questionnaire Template

IT Risk Assessment Questions for Third Parties

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said...

READ MORE »

Subscribe to get security news and updates in your inbox.