Acer's insecure customer database spilled people's personal information – including full payment card numbers – into hackers' hands for more than a year.
The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016.
More ReadingT-Mobile Czech ad man steals, sells, 1.5 million customer recordsJust a quarter of Brits trust businesses with our personal dataOooooklahoma! Where the cops can stop and empty your bank cards – on just a hunchFlash. Bang. Wallet: Marcher crooks target UK Android usersMiscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims
Acer did not say how many customers had their details swiped.
The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards. Acer says that no passwords or social security numbers were obtained by the thieves, which will be of no comfort whatsoever to the victims.
"We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts," said Acer vice-president of customer service Mark Groveunder.
"We have reported this issue to our credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement."
Acer urges customers who suspect their card numbers are being used for fraudulent charges to file reports with the police.
"If you suspect that you are a victim of identity theft or fraud, you have the right to file a police report," Groveunder added in the letter.
"In addition, you may contact your State Attorney General’s office or the US Federal Trade Commission to learn about steps you can take to protect yourself against identity theft."
Acer did not say if will be providing identity protection services to the folks whose payment card information it lost. The Taiwanese giant has since addressed the security vulnerability that allowed hackers to access its ecommerce website's database.
"We regret this incident occurred, and we will be working hard to enhance our security," Groveunder said.
Acer told El Reg its EMEA store was unaffected. "Customers in EMEA are not impacted since we have a different security and payment system for our ecommerce stores in the UK, France and Italy. In addition our ecommerce stores in those countries only went live approximately one month ago," a spokesperson said. ®