Hackers Harvest Card Details from Acer for Almost a Year

Written by

Taiwanese hardware and electronics giant Acer has announced that it has suffered a data breach via its e-commerce site.

The compromise was active for almost a year, making the potential victim pool rather large. Essentially, anyone who accessed the online store between May 12, 2015 and April 28, 2016 could have had their names, addresses, payment card numbers, card expiration dates and card security codes hacked.

However, investigations by internal and external professionals have concluded that login details were not compromised.

Acer has submitted a data breach notice to the California Attorney General’s Office.

“Safeguarding your personal information is important to us,” the company said. “We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts. We value the trust you place in us. We regret this incident occurred, and we will be working hard to enhance our security.”

 “Data breaches are becoming increasingly commonplace, with Acer to be the latest to suffer, but by no means does that mean they shouldn’t be taken seriously at all times,” said David Navin, head of corporate at Smoothwall, via email. “It is now not about if a breach occurs, but when. As a result, companies need to ensure that they have a robust security system in place in order to mitigate these risks and to safeguard their data should a breach occur.”

He added, “When it comes to payment details especially, customers are incredibly sensitive and businesses can lose the trust and faith of its customers, which as we have seen can have severe repercussions for the business. It is imperative that businesses take extra care to ensure that their customers' details are protected and encrypted. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a data breach or attack.”

Also, he pointed out that given that the majority of security breaches occur due to human error, ensuring a strong security culture is instilled throughout the workforce is therefore extremely vital.

“Security needs to be taken seriously at all levels of the organization, to guarantee that all employees understand the risks of their actions and know the security processes in place should an incident occur to mitigate the risks,” he said.

Photo © wk1003mike

What’s hot on Infosecurity Magazine?