Acer suffers data hack

The vendor has discovered a breach in its online store dating back to May last year

An unknown amount of Acer customer data is at risk after a breach in its online store was discovered.

The vendor is starting to notify customers after realising that data belonging to those who accessed the site between 12 May 2015 and 28 April 2016 could be compromised.

The data at risk includes names, addresses, payment card numbers, card expiration dates and CVV three-digit security codes.

Stephen Gates, chief research intelligence analyst at NSFOCUS, has criticised Acer for unnecessarily storing the data.

He said: "Breaches like this begs one to ask, ‘Why did Acer find it necessary to store user information that included credit card numbers, expiration dates, and CVV numbers?'

"The recommended practice would be to delete that information once a transaction is complete.

"When you have all three - credit card number, expiration date and CVV - you basically have the keys to the kingdom, so to speak."

At the time of publication there had been no official comment from Acer regarding the data breach, but a draft letter to the customers at risk had been published on the California Attorney General's website.

In the letter vice president Mark Groveunder said: "Safeguarding your personal information is important to us.

"We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts.

"We have reported this issue to our credit card payment processor [and] we have also contacted and offered our full cooperation to federal law enforcement."