Skip to main content

Acer hit with $115K in penalties after the theft of 35,000 users' personal information

acer settlement security breach logo
Image used with permission by copyright holder
In June 2016, Acer announced that a security breach pertaining to its online storefront serving North America had resulted in thousands of users’ personal data being compromised. Now, the New York attorney general’s office has confirmed that the company will pay $115,000 in penalties, following an in-depth investigation into the error.

It’s been discovered that an Acer employee enabled debugging mode on the company’s ecommerce platform between July 2015 and April 2016, according to a report from Engadget. This setting caused all personal data provided by customers via web forms to be saved to an unencrypted, plain-text log file.

Recommended Videos

The information offered up included full names, credit card numbers, expiration dates, verification numbers, user names and passwords for the site, email addresses, and full street addresses including ZIP codes. Customers would obviously need to submit this data to carry out a transaction on the website, but it’s easy to imagine how malicious entities could use it to commit acts of fraud.

Please enable Javascript to view this content

Furthermore, there’s confirmation that the Acer website was misconfigured such that unauthorized users could browse its directory. Attackers could access subdirectories from a web browser, according to a release published by the attorney general’s office.

The investigation has found that 35,000 users based in the United States, Canada, and Puerto Rico had their information stolen as a result of the breach. At least one hacking group has been confirmed to have exploited the site’s vulnerabilities to obtain this data between November 2015 and April 2016.

As well as the $115,000 settlement, Acer will be required to enforce several new security policies intended to ensure that these mistakes aren’t repeated. The company will have to deliver yearly employee training about data security and customer privacy, and designate a specific employee to be notified whenever customer data is stored without encryption, among a list of other stipulations.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Google says quantum computing applications are five years away
Google Quantum chip Willow.

A few weeks ago at CES 2025, Nvidia CEO Jensen Huang posited that practical uses of quantum computing were about 20 years away. Today, Google’s head of quantum Hartmut Neven told Reuters that we could see real-world applications of quantum computing within five years. So, who is right?

According to Huang, current quantum systems don’t have enough “qubits.” In fact, they’re short by around five or six orders of magnitude. But why do we need so many? Well, current research suggests that more qubits result in fewer errors, creating more accurate quantum computers. Let's talk about why that is.

Read more
Texas brings the ban hammer down on DeepSeek and RedNote
Mobile users experience censorship bias with DeepSeek AI.

If you’re a government worker in Texas, you can’t use DeepSeek or many other Chinese-developed applications on your state-issued device. Texas Governor, Greg Abbott, has instated a ban, preventing state employees from downloading, installing, or using several notable Chinese apps on government-sanctioned devices.

Sighting data privacy and national security concerns, the Governor decreed that state workers are prohibited from interacting with Chinese AI and social media apps including DeepSeek, RedNote, and Lemon8 on state-owned devices. Additionally, the ban includes Chinese stock-trading platforms such as Moomoo, Tiger Brokers, and Webull.

Read more
It’s easier than ever to use ChatGPT Search — sign-in no longer needed
The ChatGPT Search icon on the prompt window

You no longer need to sign in to use ChatGPT Search.

“ChatGPT search is now available to everyone on chatgpt.com,” OpenAI said in a post on X announcing the change, adding, “No sign up required.”

Read more