IOTW: Acer suffers second massive data breach in seven months

Taiwanese hardware supplier hit by attack on local after-sales service system in India having refused to pay ransom demands following previous attack in March

Sarah Williams
10/15/2021


Acer, the world’s sixth-largest PC seller, has suffered yet another data breach. The Taiwan-based firm lost 60GB of client, distributor and retailer information, as well as log-in details, financial and audit data – all gleaned via an unknown attack type claimed by hacker group Desorden.

The hardware supplier suffered a previous attack back in March, when ransomware group REvil attempted to charge Acer US$50mn for the release of sensitive data. Acer reportedly refused to pay the demand, a decision that has had unintended consequences for it in this week’s breach.


The facts

On 13 October, a user on a popular hacker forum posted the below screenshot, claiming credit for the 60GB attack, referencing the March breach, offering video evidence of the haul and releasing the records of 10,000 Acer clients.

The attack was made at local level in India, and seems to have only impacted Indian clients, retailers and distributors – although it remains unknown what financial and audit information was accessed, which is potentially a big blow for the manufacturer.

Acer confirmed the successful attack the next day, with the full statement reading: “We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team and has no material impact to our operations and business continuity.”

Lessons learned

The fact that Acer refused to comply with REvil’s ransom demand (which reportedly went up to $100m following the company’s refusal) will undoubtedly be the reason that Desorden has already released some of the data.

Both Privacy Affairs and Bleeping Computer have confirmed that the data appears to be authentic, and that it includes the email addresses, phone numbers and names of several million Acer clients. While the company says this attack will not have a material impact on operations and business continuity, having two breaches in less than a year will certainly not encourage continued customer loyalty, impacting sales conversion for new customers. Both large and small businesses will have been affected, and for SMEs, the potential impact – which could include future identity theft – is large enough to give pause for thought when it comes to renewing contracts.

Further, Acer’s security protocols should already have been in place, and a full system scan, even of localized systems, should be de rigueur for a company which, after being attacked a mere seven months ago, should have known better.

Quick tips

  • As usual, when an attack like this occurs in your industry or with a competitor, it is best to assume your company is equally vulnerable. Make sure your local servers and systems are all secured to the same standard, and conduct thorough scans regularly.
  • Consider the main types of breaches and make sure that any sim tests or pen tests include them.
  • Consider cloud-based data storage, particularly with a cloud access security broker (CASB), which focuses on data protection.