Security breach at Acer compromises sensitive data of 34,500 online shoppers

21 Jun 2016

The latest online payment disaster involved the well-known computer maker Acer, who reported that 34,500 credit-card numbers had been leaked.

As required by law in California, Acer gave the state's attorney general a copy of a form letter which notified customers about its data breach. The California attorney general's office posted the letter online late last week.

According to the form letter, Acer would notify customers who purchased goods through the Acer website between 12 May, 2015 and 28 April, 2016 that a "security issue" might have compromised their information.

The information includes names and addresses of customers and also their customer's credit-card number, along with expiration date and the security code printed on the back of the card. With the information, even a rookie attacker could start making fraudulent purchases in the name of users.

Acer did not give any specific details as to what kinds of security precautions it used to safeguard customers' information, and also whether the breach occurred on Acer's own servers or on that of a third party.

Acer told  the security solution site Softpedia that the breach affected approximately 34,500 people in the US, Canada and Puerto Rico.

It was not clear how the hackers got into Acer's servers as the company had only said it was the result of an unspecified ''security issue.''

Acer told PCWorld, it had ''inadvertently stored [the stolen consumer data] in an unsecured format,'' adding that hackers were therefore able to access the sensitive data ''for customers who made a purchase on the site [between May 12, 2015 and April 28, 2016].''

According to commentators, the hack luckily affected only a small segment of online shoppers, but it went to show that no matter how careful one was with the data on one's PC, some hacks were beyond control.