Acer E-Commerce Site Breach Exposes 35,000 Customer Records

June 21, 2016

Acer E-Commerce Site Breach Exposes 35,000 Customer Records Computer hardware manufacturer Acer notified the California Attorney General’s office late last week its U.S. e-commerce site experienced a network intrusion that may have compromised personal and payment card information of nearly 35,000 customers. The breach, which went undiscovered for nearly a year between May 2015 and April 2016, exposed names, addresses, card numbers, expiration dates and CVV codes. The company noted in its letter it does not collect Social Security numbers. Acer also has assured customers that it “took immediate steps to remediate this security issue upon identifying it, and [is] being assisted by outside cybersecurity experts.” The Taiwan-based company said it is working with its processor and cooperating with federal law enforcement.

The intrusion comes at the same time as a new report from IBM and the Ponemon Institute that pegged the cost to companies that experience a breach at $4 million, a 29 percent increase since 2013. And, for e-commerce merchants, the stakes are even higher. Not only are they subject to expenses stemming from the breach like engaging forensic experts, providing credit monitoring or simply reputation damage, they also are liable for any fraud perpetrated against their company using information stolen from their own or any other breach.