Acer Penalized For $115K In Major Security Breach

By

Acer has been penalized for a massive amount of $115,000 after a glitch in the system exposed thousands of customers' personal information. The leak was caused when the company's website misconfigured and left its customers privy to hackers.

The security breach occurred in June last year when the company announced that a breach in online storefront pertaining to North America resulted in the compromise of thousands of users' data. In recent updates regarding the matter, the New York attorney general's office confirmed that the company would be paying the heavy fee in penalties.

The decision was made after the attorney general's office investigated the matter and found the Acer technical support team responsible for serious security errors. According to Engadget reports, the discovery showed that the debugging mode was enabled on the e-commerce platform of the company between July 2015 and April 2016.

This setting resulted in all of the clients' personal data provided via the website's forms to be saved on a plain-text log file which was unencrypted. The information provided credit card details, full names, user names, verification numbers, passwords for email addresses and even the website as well as ZIP codes and complete street addresses.

Undoubtedly, customers would be required to enter this data in order to carry out transactions on the portal. However, it is easy to imagine how acts of fraud could be committed by malicious entities by use of this information. Additionally, a confirmation proves that the Acer website was misconfigured in order to allow unauthorized users to browse the directory.

Attackers and hackers could easily access the subdirectories from any web browser as stated in the release published by the attorney general's office. The investigation also showed that the breach caused the stealing of 35,000 users' information from Canada, the United States, and Puerto Rico. It is confirmed that at least one hacking group has exploited the vulnerabilities of the site to collect data between Nov. 2015 and April 2016.

In addition to the $115,000 settlement, the company will also be required to enforce multiple new security policies in order to ensure that prior mistakes are not repeated.

Tags
Settlement, Hacking

© 2025 Lawyer Herald All rights reserved. Do not reproduce without permission.

Join the Discussion
More News
Robin Kaye

Bodies of 'American Idol' Exec and Husband Found Days After Deadly Home Burglary

Cynthia Diaz Sosa

Florida Woman Bear Sprayed Another Driver Who Ran Over Chicken Crossing The Road to 'Teach Her a Lesson'

AG Pam Bondi (left) | FBI Director Kash Patel (right)

Democrats Demand Jim Jordan Summon Bondi, Patel For Hearing About Epstein Files

GettyImages-181322625

Ghislaine Maxwell's Family Takes Advantage of Epstein Files Chaos to Push Her Innocence: 'Our Sister Did Not Receive a Fair Trial