Now Samsung has confirmed that the breach did occur and “he breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees,” This is different than the NVIDIA breach where the attack group was able to compromise information about employee accounts.
One other item that was included in the dump from Lapsus$, is source code related to chipmaking partner Qualcomm. We are not sure the exact extent of the data leaked and have not spoken to anyone from Qualcomm about the incident, but it is not a good thing for Samsung.
We still do not know if a ransom was demanded from Samsung and there has been no odd story around “hacking back” from Lapsus$. We also are not certain that this breach is not related to the NVIDIA one in some way. Right now, this just appears to be a random release of source code until we get more information.
We will keep you informed as we get more information.