According to a letter sent by Acer to the California Attorney General’s office, the hack happened over a year ago. Customers who accessed the site between May 12, 2015 and April 28, 2016 may have had their data compromised. This includes names, mailing addresses, credit card numbers, expiry dates, and even the card’s CCV security codes.
There is no evidence that usernames or passwords were stolen or compromised during the unauthorized third party access. The company has not confirmed how many people are potentially affected.
“We do not collect Social Security numbers, and we have not identified evidence indicating that password or login credentials were affected,” the data breach notification letter reads, which is attributed to Acer’s vice president of customer service Mark Groveunder.
The Taiwanese PC and laptop maker has not revealed any details about the supposed hack itself, or how it was carried out.
The letter continues to explain that Acer is working with an outside cybersecurity firm to investigate the incident, is cooperating with federal law enforcement, and has notified the relevant payment card providers.
“If you suspect that you are a victim of identity theft or fraud, you have the right to file a police report. In addition, you may contact your State Attorney General’s office or the U.S. Federal Trade Commission to learn about steps you can take to protect yourself against identity theft,” said Groveunder in the letter.
The company is urging all customers to review their account statements for any anomalies.
“We value the trust you place in us. We regret this incident occurred, and we will be working hard to enhance our security,” said Groveunder.
