Acer Confirms Online Store Breach, Nearly A Year’s Worth Of Credit Card Data Exposed
If you've shopped at Acer's US website at any point between May 12, 2015 and April 28, 2016, you have immediate reason for concern. Acer has just revealed to the California Attorney General's office that its ecommerce servers were hit last spring, and remained vulnerable up until this spring. Unfortunately, this isn't a mere case of someone gaining access to names and addresses - it gets much worse.
Acer admits that credit card information could have been fetched by these third parties, which includes not only the credit card number, but also the CCV security code and expiry date. It's not clear at this point if 100% of the credit card digits were revealed, or if some were obfuscated. Either way, it's very rare when we hear about CCVs included in a leak, so it's clear that Acer's security protections were not so hot.
Acer claims that it has no knowledge of anyone being adversely affected by this attack, although it's still investigating the effects, with the help of law enforcement. We'd have to imagine that the attacker (or attackers) who wanted information off of this server won't care as much about names and addresses as much as they will the full credit card information.
Acer is encouraging all customers who shopped at its main US website to review their accounts for any and all anomalies. If you happen to spot anything out of the ordinary, you're able to file your own police report, or contact the FTC or State Attorney General's office.
As social security numbers were not part of the information leaked, Acer sees little risk of any of its customers becoming victim to identity theft. Nonetheless, it's worth evaluating your accounts close to avoid any future issue.