Acer: Difference between revisions - Consumer Rights Wiki

Line 25:

===Personal data breach (''2015'')===

~~{{Main|Acer settles online breach probe for $115k}}~~

Acer exposed 35,071 of their customer's personal and financial information from 2015 - 2016 (names, full credit card details, addresses, and login credentials).<ref name=":0">{{Cite web |last=Schneiderman |first=Eric |date=2017-01-26 |title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers |url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |url-status=live |archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |archive-date=2026-01-04 |access-date=2025-08-18 |website=New York State Attorney General's Press Releases}}</ref>

Acer exposed 35,071 of their customer's personal and financial information from 2015 - 2016 (names, full credit card details, addresses, and login credentials).

This happened because an employee enabled debugging mode in the U.S. e-commerce platform store, which stored the data in plain text log files. In addition, the website was misconfigured to allow directory browsing, enabling attackers to easily access subdirectories and extract sensitive files. At the time of the incident Acer relied on this platform for direct-to-consumer sales. This made the website's security critical for handling sensitive data.

The case was settled in 2017.

The case with the New York Attorney General’s office was settled in 2017.<ref>{{Cite web |last=Mlot |first=Stepanie |date=2017-01-27 |title=Acer Settles Online Breach Probe for $115k |url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |url-status=live |archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |archive-date=2026-01-04 |access-date=2025-08-18 |website=PC Mag}}</ref>

====Consumer response====

On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web |last=Nichols |first=Shaun |date=2016-06-17 |title=You Acer holes! PC maker leaks payment cards in e-store hack |url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |archive-url=https://web.archive.org/web/20260104042936/https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ |archive-date=2026-01-04 |access-date=2025-08-18 |website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web |last=Pasher |first=Justin |date=2016-06-17 |title=Re: Storing CC security verification codes |url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |archive-url=https://web.archive.org/web/20260104043419/https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ |archive-date=2026-01-04 |access-date=2025-08-18 |website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.

==Products==

@@ Line 25: / Line 25: @@
 ===Personal data breach (''2015'')===
-{{Main|Acer settles online breach probe for $115k}}
+Acer exposed 35,071 of their customer's personal and financial information from 2015 - 2016 (names, full credit card details, addresses, and login credentials).<ref name=":0">{{Cite web |last=Schneiderman |first=Eric |date=2017-01-26 |title=A.G. Schneiderman Announces Settlement With Computer Manufacturer After Data Breach Exposed More Than 35,000 Credit Card Numbers |url=https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |url-status=live |archive-url=https://web.archive.org/web/20260104040538/https://ag.ny.gov/press-release/2017/ag-schneiderman-announces-settlement-computer-manufacturer-after-data-breach |archive-date=2026-01-04 |access-date=2025-08-18 |website=New York State Attorney General's Press Releases}}</ref>
-Acer exposed 35,071 of their customer's personal and financial information from 2015 - 2016 (names, full credit card details, addresses, and login credentials).
-This happened because  an employee enabled debugging mode in the U.S. e-commerce platform store, which stored the data in plain text log files. In addition, the website was misconfigured to allow directory browsing, enabling attackers to easily access subdirectories and extract sensitive files. At the time of the incident Acer relied on this platform for direct-to-consumer sales. This made the website's security critical for handling sensitive data.
+This happened because an employee enabled debugging mode in the U.S. e-commerce platform store, which stored the data in plain text log files. In addition, the website was misconfigured to allow directory browsing, enabling attackers to easily access subdirectories and extract sensitive files. At the time of the incident Acer relied on this platform for direct-to-consumer sales. This made the website's security critical for handling sensitive data.
-The case was settled in 2017.
+The case with the New York Attorney General’s office was settled in 2017.<ref>{{Cite web |last=Mlot |first=Stepanie |date=2017-01-27 |title=Acer Settles Online Breach Probe for $115k |url=https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |url-status=live |archive-url=https://web.archive.org/web/20260104041024/https://www.pcmag.com/news/acer-settles-online-breach-probe-for-115k |archive-date=2026-01-04 |access-date=2025-08-18 |website=PC Mag}}</ref>
+====Consumer response====
+On The Register’s forum, reactions were similarly skeptical and critical.<ref>{{Cite web |last=Nichols |first=Shaun |date=2016-06-17 |title=You Acer holes! PC maker leaks payment cards in e-store hack |url=https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |archive-url=https://web.archive.org/web/20260104042936/https://www.theregister.com/2016/06/17/what_a_pain_in_the_acer/ |archive-date=2026-01-04 |access-date=2025-08-18 |website=The Register}}</ref> Commenters condemned Acer for failing to follow PCI DSS compliance standards and for allowing card verification codes to be compromised.<ref>{{Cite web |last=Pasher |first=Justin |date=2016-06-17 |title=Re: Storing CC security verification codes |url=https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ |url-status=live |archive-url=https://web.archive.org/web/20260104043419/https://forums.theregister.com/forum/all/2016/06/17/what_a_pain_in_the_acer/ |archive-date=2026-01-04 |access-date=2025-08-18 |website=Forum on 'The Register'}}</ref> Some users confirmed they did receive breach notification letters, though experiences varied widely. Many expressed concern that Acer’s negligence would push costs and risks onto consumers through fraudulent charges and credit monitoring needs.
 ==Products==