Acer settles online breach probe for $115k: Difference between revisions

{{Irrelevant}}

 

[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web |last=Schneiderman |first=Eric |date=2017-01-26 |title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers |url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |url-status=live |access-date=2025-08-18 |website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web |last=Mlot |first=Stepanie |date=2017-01-27 |title=Acer Settles Online Breach Probe for $115k |url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |url-status=live |access-date=2025-08-18 |website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

According to the customer notice letter submitted to the California Attorney General’s office:<ref>Acer's Notice of Breach to Customers [https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf? https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf?]</ref>

Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web |author=HardOCP News |date=2016-06-20 |title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards |url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ |url-status=live |access-date=2025-08-18 |website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.

On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web |last=Nichols |first=Shaun |date=2016-06-17 |title=You Acer holes! PC maker leaks payment cards in e-store hack |url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |access-date=2025-08-18 |website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web |last=Pasher |first=Justin |date=2016-06-17 |title=Re: Storing CC security verification codes |url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |access-date=2025-08-18 |website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.