BURLINGTON, Mass.—LoopPay, the technology behind Samsung Pay, has allegedly been breached by a group of government-affiliated Chinese hackers.
The New York Times is reporting that as early as March hackers breached the computer network of LoopPay, a start-up here that was acquired by Samsung in February.
The crooks appeared to have been after the company’s technology, known as magnetic secure transmission, or MST, which is a key part of Samsung Pay, which has debuted in the U.S.
While Samsung Pay works with NFC terminals, as does Apple Pay, LoopPay also allows Samsung Pay to work with traditional magnetic stripe terminals. MST "spoofs" a traditional card swipe with magnetic fields when users hold their device near a payment terminal.
The attackers are believed to have broken into LoopPay’s corporate network, but not the production system that helps manage payments, Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay, told the Times. Graylin said that security experts were still looking through LoopPay’s systems, but that there had been no indication that the hackers infiltrated Samsung’s systems or that consumer data had been exposed.
LoopPay did not learn of the breach until late August, when an organization came across LoopPay’s data while tracking the Chinese hackers in a separate investigation.
Both LoopPay and Samsung executives said they were confident that they had removed infected machines, and that customer payment information and personal devices were not affected.
“Samsung Pay was not impacted and at no point was any personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy officer, said in a statement. “This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay.