The Channel logo


By | Shaun Nichols 17th June 2016 17:43

You Acer holes! PC maker leaks payment cards in e-store hack

Lost info includes names, addresses, numbers and security codes

Acer's insecure customer database spilled people's personal information – including full payment card numbers – into hackers' hands for more than a year.

The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016.

Acer did not say how many customers had their details swiped.

The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards. Acer says that no passwords or social security numbers were obtained by the thieves, which will be of no comfort whatsoever to the victims.

"We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts," said Acer vice-president of customer service Mark Groveunder.

"We have reported this issue to our credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement."

Acer urges customers who suspect their card numbers are being used for fraudulent charges to file reports with the police.

"If you suspect that you are a victim of identity theft or fraud, you have the right to file a police report," Groveunder added in the letter.

"In addition, you may contact your State Attorney General’s office or the US Federal Trade Commission to learn about steps you can take to protect yourself against identity theft."

Acer did not say if will be providing identity protection services to the folks whose payment card information it lost. The Taiwanese giant has since addressed the security vulnerability that allowed hackers to access its ecommerce website's database.

"We regret this incident occurred, and we will be working hard to enhance our security," Groveunder said.

Acer told El Reg its EMEA store was unaffected. "Customers in EMEA are not impacted since we have a different security and payment system for our ecommerce stores in the UK, France and Italy. In addition our ecommerce stores in those countries only went live approximately one month ago," a spokesperson said. ®

comment icon Read 22 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe