Acer settles online breach probe for $115k - Revision history

Tempo123: Add missing archival URLs

2026-02-06T15:50:48Z

Add missing archival URLs

← Older revision		Revision as of 15:50, 6 February 2026
Line 21:		Line 21:
	===Acer's response===		===Acer's response===

	According to the customer notice letter submitted to the California Attorney General’s office:<ref>Acer's Notice of Breach to Customers [https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf? https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf?]</ref>		According to the customer notice letter submitted to the California Attorney General’s office:<ref>{{Cite web \|author=Mark Groveunder \|date= \|title=Acer's Notice of Breach to Customers \|url=https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20161016121726/https://oag.ca.gov/system/files/Customer%20Notice%20Letter%20-%20California_0.pdf \|archive-date=2016-10-16 \|access-date=2026-02-06}}</ref>

	*Notification: Acer sent a formal ''Notice of Data Breach'' to impacted customers, informing them that if they shopped on the Acer e-commerce site between May 12, 2015 and April 28, 2016, their personal and payment information may have been exposed, including name, address, credit card number (with the last digits specified), expiration date, and CVV security code. Acer clarified the hackers did not collect Social Security numbers, and they had no evidence that passwords or login credentials were compromised California DOJ Attorney General. It should be noted that in the settlement with the New York State Attorney General, Acer admitted username and passwords were part of the breach.<ref name=":0" />		*Notification: Acer sent a formal ''Notice of Data Breach'' to impacted customers, informing them that if they shopped on the Acer e-commerce site between May 12, 2015 and April 28, 2016, their personal and payment information may have been exposed, including name, address, credit card number (with the last digits specified), expiration date, and CVV security code. Acer clarified the hackers did not collect Social Security numbers, and they had no evidence that passwords or login credentials were compromised California DOJ Attorney General. It should be noted that in the settlement with the New York State Attorney General, Acer admitted username and passwords were part of the breach.<ref name=":0" />
Line 37:		Line 37:
	==Consumer response==		==Consumer response==

	Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|author=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|archive-url= \|archive-date= \|access-date=~~2025~~-08-18 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.		Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|author=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|archive-url=https://web.archive.org/web/20260202121316/https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|archive-date=2026-02-02 \|access-date=2026-02-06 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.

	On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104042936/https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104043419/https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.		On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104042936/https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104043419/https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.

Bythmusters: added cargo

2026-01-31T19:12:29Z

added cargo

@@ Line 1: / Line 1: @@
 {{MergeRequest|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}
+{{IncidentCargo
 [[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web |last=Schneiderman |first=Eric |date=2017-01-26 |title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers |url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |url-status=live |archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |archive-date=2026-01-04 |access-date=2025-08-18 |website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web |last=Mlot |first=Stepanie |date=2017-01-27 |title=Acer Settles Online Breach Probe for $115k |url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |url-status=live |archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |archive-date=2026-01-04 |access-date=2025-08-18 |website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

BobSagetFan1212: added archive link with archive date

2026-01-04T04:37:04Z

added archive link with archive date

← Older revision		Revision as of 04:37, 4 January 2026
Line 27:		Line 27:
	==Consumer response==		==Consumer response==

	Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|author=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|access-date=2025-08-18 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.		Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|author=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|archive-url= \|archive-date= \|access-date=2025-08-18 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.

	On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.		On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104042936/https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|archive-url=https://web.archive.org/web/20260104043419/https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.

	Consumers faced heightened risks of identity theft and financial fraud due to the exposure of full credit card details, login credentials, and personal addresses. The fact that sensitive data was stored unencrypted in plain text worsened concerns about Acer’s handling of private information. While the settlement imposed stronger protections going forward, many customers were left to deal with potential fraudulent charges, credit monitoring, and long-term distrust in Acer’s ability to safeguard their personal information. Public statements from the Attorney General emphasized consumer expectations for companies to uphold basic data security standards, reflecting broader frustration with corporate negligence in protecting private data.<ref name=":0" />		Consumers faced heightened risks of identity theft and financial fraud due to the exposure of full credit card details, login credentials, and personal addresses. The fact that sensitive data was stored unencrypted in plain text worsened concerns about Acer’s handling of private information. While the settlement imposed stronger protections going forward, many customers were left to deal with potential fraudulent charges, credit monitoring, and long-term distrust in Acer’s ability to safeguard their personal information. Public statements from the Attorney General emphasized consumer expectations for companies to uphold basic data security standards, reflecting broader frustration with corporate negligence in protecting private data.<ref name=":0" />

BobSagetFan1212: fixed archived date

2026-01-04T04:15:57Z

fixed archived date

← Older revision		Revision as of 04:15, 4 January 2026
Line 1:		Line 1:
	{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=~~03 Jan~~ 2026 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|archive-date=~~03 Jan~~ 2026 \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|archive-date=2026-01-04 \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

	==Background==		==Background==

BobSagetFan1212: fixed archived date

2026-01-04T04:14:00Z

fixed archived date

← Older revision		Revision as of 04:14, 4 January 2026
Line 1:		Line 1:
	{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026~~-01-03~~ \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|archive-date=2026~~-01-03~~ \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=03 Jan 2026 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|archive-date=03 Jan 2026 \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

	==Background==		==Background==

BobSagetFan1212: added archive link with archive date

2026-01-04T04:11:50Z

added archive link with archive date

← Older revision		Revision as of 04:11, 4 January 2026
Line 1:		Line 1:
	{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

	==Background==		==Background==

BobSagetFan1212: fixed archived link

2026-01-04T04:08:09Z

fixed archived link

← Older revision		Revision as of 04:08, 4 January 2026
Line 1:		Line 1:
	{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

	==Background==		==Background==

BobSagetFan1212: added archive link with archive date

2026-01-04T04:07:07Z

added archive link with archive date

← Older revision		Revision as of 04:07, 4 January 2026
Line 1:		Line 1:
	{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|archive-url=/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|archive-date=2026-01-03 \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

	==Background==		==Background==

Beanie Bo: merge request before deletion

2025-11-07T13:44:48Z

merge request before deletion

← Older revision		Revision as of 13:44, 7 November 2025
Line 1:		Line 1:
	{{Irrelevant}}		{{MergeRequest\|Article is a news article, not an incident, and should be deleted. Info should be added to Acer page where relevant.}}{{Irrelevant}}

	[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.		[[Acer]] agreed to pay $115,000 and reform its data security practices after a year-long lapse exposed the personal and financial information of more than 35,000 customers.<ref name=":0">{{Cite web \|last=Schneiderman \|first=Eric \|date=2017-01-26 \|title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers \|url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach \|url-status=live \|access-date=2025-08-18 \|website=New York State Attorney General's Press Releases}}</ref><ref>{{Cite web \|last=Mlot \|first=Stepanie \|date=2017-01-27 \|title=Acer Settles Online Breach Probe for $115k \|url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k \|url-status=live \|access-date=2025-08-18 \|website=PC Mag}}</ref> The New York Attorney General’s office found that Acer left its U.S. website misconfigured and in debugging mode, allowing attackers to access unencrypted credit card details and other sensitive data between 2015 and 2016.

2A00:23C8:2384:101:B34:3E7B:6AF4:18CF: fixed cite error

2025-11-06T23:10:57Z

fixed cite error

← Older revision		Revision as of 23:10, 6 November 2025
Line 27:		Line 27:
	==Consumer response==		==Consumer response==

	Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|~~first~~=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|access-date=2025-08-18 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.		Consumers expressed frustration, distrust, and tangible harm following Acer’s data breach. On HardForum, several posters reported that they never received a notification from Acer despite being affected, and some discovered fraudulent charges on their credit cards after purchasing through Acer’s online store.<ref>{{Cite web \|author=HardOCP News \|date=2016-06-20 \|title=Acer Admits Hackers Stole Up To 34,000 Customer Credit Cards \|url=https://hardforum.com/threads/acer-admits-hackers-stole-up-to-34-000-customer-credit-cards.1902876/ \|url-status=live \|access-date=2025-08-18 \|website=[H]ardForum}}</ref> Others criticized Acer for mishandling sensitive payment data, particularly for storing CVV codes, which violates standard payment card security rules. The overall tone was one of anger at both the breach and Acer’s poor communication.

	On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.		On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web \|last=Nichols \|first=Shaun \|date=2016-06-17 \|title=You Acer holes! PC maker leaks payment cards in e-store hack \|url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web \|last=Pasher \|first=Justin \|date=2016-06-17 \|title=Re: Storing CC security verification codes \|url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ \|url-status=live \|access-date=2025-08-18 \|website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.