Acer Security Flaw Exposed Customer Data For 11 Months

Hardware maker Acer has admitted its e-commerce site has suffered a security breach, and warns that customers may have had their information stolen because of the unauthorised access, according to Softpedia.

The Taiwanese company admitted in a notification to US law enforcement that users who visited the site between May 12 2015 and April 28 2016 are at risk, with customer names, addresses, and payment card details potentially accessed by hackers.

Acer has not revealed how many users were affected, but alerted the California Attorney General’s Office of a data breach as per US law. It is not yet known if customers from other countries were affected.

Risk

Acer has failed to make an official statement about the breach, leaving potentially thousands of customers at risk.

In the draft letter to customers, seen by Softpedia, Acer vice president Mark Groveunder said:

“We recently identified a security issue involving the information of certain customers who used our e-commerce site between May 12, 2015 and April 28, 2016, which resulted in unauthorized access by a third party

“Safeguarding your personal information is important to us.

“We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts.

“We value the trust you place in us. We regret this incident occurred, and we will be working hard to enhance our security.”

Card expiration dates and three digit security codes may have also been leaked, admits the letter.

‘Nothing new’

TechWeekEurope has contacted Acer for more information, but the company had not responded at the time of publication.

Javvad Malik, security advocate at AlienVault, said that breaches like this are, unfortunately, not something new.

“The nature of business today is that organisations rely on many partners and suppliers to provide services to their customers. However, this supply chain needs to be managed and secured appropriately,” he said.

“Attackers will choose the path of least resistance to get into a company – and if it is well-secured, then this path will usually be through a third party that has legitimate access.”

Take our data breach quiz here!