Acer Penalized For $115K In Major Security Breach

By

Acer has been penalized for a massive amount of $115,000 after a glitch in the system exposed thousands of customers' personal information. The leak was caused when the company's website misconfigured and left its customers privy to hackers.

The security breach occurred in June last year when the company announced that a breach in online storefront pertaining to North America resulted in the compromise of thousands of users' data. In recent updates regarding the matter, the New York attorney general's office confirmed that the company would be paying the heavy fee in penalties.

The decision was made after the attorney general's office investigated the matter and found the Acer technical support team responsible for serious security errors. According to Engadget reports, the discovery showed that the debugging mode was enabled on the e-commerce platform of the company between July 2015 and April 2016.

This setting resulted in all of the clients' personal data provided via the website's forms to be saved on a plain-text log file which was unencrypted. The information provided credit card details, full names, user names, verification numbers, passwords for email addresses and even the website as well as ZIP codes and complete street addresses.

Undoubtedly, customers would be required to enter this data in order to carry out transactions on the portal. However, it is easy to imagine how acts of fraud could be committed by malicious entities by use of this information. Additionally, a confirmation proves that the Acer website was misconfigured in order to allow unauthorized users to browse the directory.

Attackers and hackers could easily access the subdirectories from any web browser as stated in the release published by the attorney general's office. The investigation also showed that the breach caused the stealing of 35,000 users' information from Canada, the United States, and Puerto Rico. It is confirmed that at least one hacking group has exploited the vulnerabilities of the site to collect data between Nov. 2015 and April 2016.

In addition to the $115,000 settlement, the company will also be required to enforce multiple new security policies in order to ensure that prior mistakes are not repeated.

Tags
Settlement, Hacking

© 2025 Lawyer Herald All rights reserved. Do not reproduce without permission.

Join the Discussion
More News
Delivery Robbery_03192025_1

Woman Allegedly Robbed Food Delivery Driver at Knifepoint; Cops Found Her Hours Later Still Holding the Bag

Arizona Final Meal_03192025_1

Arizona Man Executed by Lethal Injection Requested Carl's Jr. and Baklava for His Last Meal

denver murder case

Convicted Murderer Believed New DNA Test Would Free Him. It Only Confirmed His Guilty Verdict

 Kendal Aaron Todd

Florida Man Vowed to 'Kill' Trump on 'Live TV' in Series of Threatening Posts: Police