Experts contacted by the NYT aren't sure there's enough evidence yet to back that statement, however. For starters, LoopPay never discovered the breach itself -- the company's info was actually spotted by a third party probing the Codoso hackers for a separate attack. As a result, the group, which is allegedly backed by the Chinese government, was inside LoopPay's corporate system for nearly five months. And Codoso has a reputation for leaving backdoors, allowing them to return for another attack, as Forbes and Microsoft found out earlier this year during a breach.
However, LoopPay said that there's no evidence that the group has stolen any customer data or financial information. Samsung said that the attack was an "isolated incident that targeted the LoopPay corporate network, which is a physically separate network (from Samsung Pay)." Nevertheless, LoopPay launched an investigation just over a month before the payment system was launched in the US -- an insufficient period to thoroughly investigate a hack, according to a recent security study.