Acer Reaches Settlement after Exposing 35,000 Credit Card Numbers
The computer manufacturer Acer reached a settlement with New York Attorney General Eric Schneiderman after a data breach left 35,000 credit card numbers exposed on Acer’s website. While some cardholders lived in other states, most of the affected credit cards belonged to people living in New York.
In January 2016, Discover Card launched an investigation on a series of fraudulent transactions on credit cards, all rooting back to a purchase made on Acer’s website. The Attorney General’s office said “at least one attacker exploited Acer website vulnerabilities,” but they did not pinpoint the number of criminals involved with the breach.
The attack occurred between November 11, 2015 and April 28, 2016, during which time hundreds of requests were put in to collect sensitive consumer information. Collected data included email addresses, complete street addresses, credit card numbers, expiration dates, verification codes, website usernames, website passwords, and customers’ first and last names.
The 35,000 accounts pales in comparison to the one billion Yahoo accounts compromised in August 2013. The Acer breach resulted in $115,000 in penalties.
Acer has agreed to heighten its cybersecurity measures as part of the settlement, including new employee training measures and regular testing of the website’s security systems. The company has also corrected the misconfiguration that allowed the attacker to initially gather this information.