Acer’s online store servers hacked, some customer data from the US and Canada at risk
Last week, Acer informed the Attorney General of California that its online store had been compromised by hackers. The company followed-up that notice with a letter to affected customers that a security vulnerability compromised their personal data.
Unfortunately, it looks as though the hackers obtained close to a full year’s worth of credit card data and customer information – names, addresses, credit card numbers, expiration dates, and CVC codes. In other words, everything needed to commit credit card fraud. Interestingly, logins and passwords to Acer’s e-commerce site do not appear affected (but that has not been ruled out).
Acer says it has notified all affected customers, all of whom reside in the United States, Canada, and Puerto Rico. In all, 34,500 customers were affected. How did this happen? It is reported that Acer “inadvertently stored [the stolen data] in an unsecured format.”
Inadvertent or not, it is obviously a serious error. In the letter sent to customers, Acer only admonished customers to keep an eye on their personal identity data via free annual credit reports and if some fraudulent activity is detected, to file a police report and freeze their credit profile. Acer also noted that is has brought in an outside security firm to assist with shoring up the vulnerability, and has reported the issue to their credit card processing partner.
If you have made a purchase from Acer over the past year (perhaps to purchase one of their affordable Liquid series Android smartphones, a Chromebook, laptop, or other gadgets), and have not received a letter from the company, it may still be a good idea to give your credit card issuer a heads-up. With so much information compromised, it is a little disappointing that Acer is not offering up a year or two of identity theft protection services. However, as various legal authorities are involved at state and federal levels, those remedies may yet be forthcoming.
sources: PCWorld and ZDNet