UK customers are safe from Acer credit card hack, company says

"Unauthorised access" by third party may have compromised e-commerce site

Fraud

Acer has confirmed it did suffer a data breach last week, but has stated that UK customers are not affected.

Acer's e-commerce site was targeted by hackers looking to steal payment credentials, it emerged last week. However, the company today clarified that only US customers were affected.

In a statement, an Acer spokeswoman said: "Acer's e-commerce stores in EMEA are not impacted by a potential security incident reported in the US. Only the information of certain customers who used Acer's US ecommerce site are affected. Acer in EMEA uses industry compliant processing and security systems, and its ecommerce stores are hosted separately from other regions."

Advertisement - Article continues below

"Safeguarding our customers' personal information is very important to us and a top priority for all our online operations. We value the trust our customers place in us," she added.

17/06/2016: Acer customers may have had card data stolen in possible hack

Laptop and hardware manufacturer Acer has suffered a data breach, according to reports.

Unauthorised access by a third party of Acer's e-commerce platform led to customers' names, addresses, payment card numbers, card expiration dates and security codes possibly being compromised, Softpedia has reported.

The news site has published what it claims is a pre-release version of a letter about to be sent to potentially affected customers.

Advertisement
Advertisement - Article continues below

"We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts," the draft letter reads.

"We have reported this issue to our credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement," it adds.

Advertisement - Article continues below

The only law enforcement mentioned in the letter is the Federal Trade Commission (FTC) and it also makes reference to consumer rights under US law. This is not necessarily proof that only American customers have been affected, however, as it is possible the company may be sending out localised notifications.

Stephen Gates, chief research intelligence analyst at security firm NSFOCUS, said: "It appears hackers had access to private data for almost a year. This again is another perfect example of how hackers remain persistent in a network without anyone knowing it.

"In addition, breaches like this begs one to ask, Why did Acer find it necessary to store user information that included credit card numbers, expiration dates, and CVV numbers?' Is there ever a need to store all of that information long-term? Sure, it makes check-out more convenient when making an online purchase, but how long does it take to re-enter that information anyway?

Advertisement - Article continues below

"The recommended practice would be to delete that information, once a transaction is complete. When you have all three (credit card number, expiration data, and CVV) you basically have the keys to the kingdom, so to speak."

IT Pro contacted Acer for verification of the reports and comment on the matter, but had not received a response at the time of publication.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020