Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Acer to pay $115k as a settlement with NY for data breach

27 January 2017 3

In 2015, Acer’s misconfigured website invited many hackers to compromise the data of around 35,000 customers. Acer’s technical support had made some serious security errors by leaving the company’ e-commerce platform in debugging more from July 2015 until April 2016.

This mistake resulted in the storage of all the unencrypted data into the plain-text log file. The team then misconfigured the company website to allow directory browsing by any unauthorized user.

One hacking group noticed and stole the data between November 2015 and April 2016. The hackers took an advantage of the credentials of the users who used the website in this time period. This lead to the leaked legal names, usernames and passwords, physical addresses and credit card numbers with verification codes for over 35,000 individuals in the US, Canada, and Puerto Rico.

Acer admitted this back in June that someone stole credit card information for nearly 35,000 individuals who bought from the company’s online store. The electronics giant finally settled with the New York Attorney General's office and will provide $115,000 in penalties along with an assurance to shore up their digital security.

This is a horrifying incident and a major flaw from the Taiwanese company who couldn’t recognize what was going for almost more than 15 months.

“Businesses have a duty to protect their customers’ personal information as securely as possible,” said Attorney General Schneiderman. “Lax security practices like those we uncovered at Acer put New Yorkers’ credit card information and other personal data at serious risk. That’s unacceptable, and will change under the terms of our settlement today. My office will continue to hold businesses accountable for protecting their customers’ private information.”


3

comments

Acer to pay $115k as a settlement with NY for data breach
Write a comment...
DevRahul

From July 15 to April 16 is a huge time duration considering considering it can give so much time for hackers to do whatever they can in that time. And I think that's a seriously heavy mistake.

Android

Android 12 Developer Preview 1 out; Final release set for H2 2021

Windows

Microsoft details Windows 10 21H1 update set to arrive in Spring

Events

Samsung "Unbox & Discover 2021" event on March 2 to unveil new TVs

Android

Huawei Mate X2 foldable phone launching on Feb 22 | UPDx2: Teaser