Acer Security Breach Compromises Customers’ Credit Cards

Computer hardware maker Acer has quietly admitted and informed the attorney general in California that its online store was targeted in an attack by hackers.

Taiwanese tech giant Acer has turned in a letter informing the California attorney general about an unauthorized third party accessing its servers. The hacker or hacker group has taken an entire year’s accumulation of names, addresses and credit card data.

The affected data contains records collected between May 2015 and April 2016, as reported by ZDNet which broke the news.

The stolen data includes information of Acer customer names, addresses and notably, their credit card numbers including expiry dates and the CVC security code. The hack affects customers in the United States, Canada and Puerto Rico. Altogether, 34,500 customer details are compromised.

While it is yet unknown as to how the hackers breached Acer’s servers, there is an active ongoing investigation conducted by the company and law enforcement agencies.

The existence of credit card information including entire card details along with the expiry and CVC security code increases the likelihood of affected customers falling prey to fraud and identity theft.

The company admitted that it had “inadvertently stored [the data] in an unsecured format” in a statement to PCWorld.

The form letter submitted by Acer to the attorney general in California can be found here [PDF].

For its part, Acer insists that it does not collect Social Security Numbers from customers. The hardware manufacturer also adds that it has not identified any activity or evidence indicating that login credentials are affected. Acer has also reported the credit card breach to its payment processor.

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.