The shocking Acer data breach was caused by the company “inadvertently” storing consumer data in an unsecured format.
The Acer data breach compromised the information of nearly 34,500 Acer online shoppers. This is what the company reportedly told PCWorld only days after Yahoo! announced the security breach of millions of records in 2014.
As a result, a hacker obtained unauthorized access to the data between May 12, 2015, and April 28, 2016. The thief was able to access names, addresses, card numbers, expiration dates, and three-digit security codes. Acknowledgment of the Acer data breach was filed with the California Attorney General.
“Upon identifying this issue, we took immediate steps to fix the problem. We are working with our own and with outside cyber-security experts to enhance our security,” said an Acer spokesperson. It only took months to report, instead of two years like Yahoo. This makes it look like they’re really trying to be transparent.
Acer notified law enforcement and those individuals who were affected. Here is what a portion of the letter said:
We recently identified a security issue involving the information of certain customers. They used the e-commerce site between May 12, 2015 and April 28, 2016. The site was accessed without authorization by a third party.
What Information Was Involved
Based on our records, we have determined that your information may have been affected, potentially including your name, address, card number ending in [insert], expiration date and three-digit security codes. We do not collect Social Security numbers and we have not identified evidence indicating that password or login credentials were affected.
What Acer Is Doing
Safeguarding your personal information is important to us. We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cyber-security experts. Acer has reported this issue to their credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement.
Mark Bower, HPE global director of product management, said that there is no reason Acer needed to store payment card data in any form on their systems.
“Today, there are specific and simple-to-deploy technologies that mitigate the risk of cyber attacks to e-commerce sites,” he said. “Thousands of leading merchants and well-known, name-brand online stores throughout the world have already adopted these approaches with great success, either on their premises or through payment processors services. With them, the risk of an attack being successful is absolutely minimized – attackers get nothing of value, just meaningless random data.”
Bower added that tokenization is the de facto approach for avoiding the need to store cardholder data while still letting analytics and applications function without live data risks.
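The difference Bower describes can be shown with a short sketch. This is an added example, not code from Acer, HPE or any payment processor; `ProcessorVault`, the record layouts and the sample values are assumptions made for illustration.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: rejects mistyped card numbers before they are tokenized."""
    if not pan.isdigit():
        return False
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class ProcessorVault:
    """Hypothetical stand-in for a payment processor's tokenization service."""
    def __init__(self):
        self._pan_by_token = {}  # token -> card number, held only by the processor

    def tokenize(self, pan: str, security_code: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # The security code is used for authorization only and is never kept.
        token = "tok_" + secrets.token_hex(16)  # random, not derived from the card
        self._pan_by_token[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> bool:
        # Only the processor can map a token back to a card.
        return token in self._pan_by_token and amount_cents > 0

def plaintext_record(name, address, pan, expiry, security_code):
    """The risky pattern: every card field lands in the shop's own database."""
    return {"name": name, "address": address, "card_number": pan,
            "expiry": expiry, "security_code": security_code}

def tokenized_record(vault, name, address, pan, security_code):
    """The shop keeps a token and the last four digits for receipts and reports."""
    return {"name": name, "address": address,
            "card_token": vault.tokenize(pan, security_code),
            "card_last4": pan[-4:]}

def exposed_fields(record, pan, security_code):
    """Fields that would hand a thief live card data if this record were dumped."""
    return [k for k, v in record.items() if pan in v or v == security_code]

# Constructed sample values (a well-known test card number, not a real account).
PAN, CODE = "4111111111111111", "737"
vault = ProcessorVault()
before = plaintext_record("A. Shopper", "1 Example St", PAN, "12/30", CODE)
after = tokenized_record(vault, "A. Shopper", "1 Example St", PAN, CODE)
print(exposed_fields(before, PAN, CODE))  # ['card_number', 'security_code']
print(exposed_fields(after, PAN, CODE))   # []
```

A dump of the tokenized record yields only the random token and the last four digits, while the shop can still charge the card by passing the token back to the processor.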