The Taiwanese IT giant Acer recently confirmed to California’s Attorney General (AG) that unknown hackers compromised its online store and accessed customers’ sensitive data.
The leaked data includes credit card numbers, expiry dates, CVC security codes, customer names, and addresses. At the time I was writing there is no evidence that hackers accessed account login credentials.
According to ZDNet, roughly 34,500 customers from United States, Canada, and Puerto Rico, have been affected by the security breach.
“We recently identified a security issue involving the information of certain customers who used our ecommerce site between May 12, 2015 and April 28, 2016, which resulted in unauthorized access by a third party.” wrote Acer in a letter. “Based on our records, we have determined that your information may have been affected, potentially including your name, address, card number ending in [insert], expiration date and three-digit security codes. We do not collect Social Security numbers, and we have not identified evidence indicating that password or login credentials were affected.”
It is still unclear how the hackers breached the company servers, Acer only confirmed that attackers exploited an unspecified security issue.
According to an Acer form letter submitted to California’s AG, that hackers had access to data in the Acer server for more than a year, from May 12, 2015 to April 28, 2016.
Acer users are exposed to the risk of credit card fraud for this reason the company took immediate steps to solve the security issue and protect its customers.
“We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts,” said the Acer vice-president of customer service Mark Groveunder.
“We have reported this issue to our credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement.”
Acer invites customers who suspect to be victims of card frauds to file reports with the law enforcement
“If you suspect that you are a victim of identity theft or fraud, you have the right to file a police report,” Groveunder added in the letter.
“In addition, you may contact your State Attorney General’s office or the US Federal Trade Commission to learn about steps you can take to protect yourself against identity theft.”
Acer did not confirm if will be providing identity protection services to the customers affected by the security breach.
Security Affairs – (Acer, card fraud)