Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

Acer customer database breached, hackers say


Hackers have stolen the personal data of 40,000 Acer customers, according to reports.

The names, addresses, phone numbers, email addresses and other information about Acer's customers were accessed by the Pakistan Cyber Army (PCA) from a server used by Acer Europe, The Hacker News website said.

"We got mail from PCA that they successfully hacked the [file network] of ACER and stole around 40,000 users data, various source codes stored on server," The Hacker News website said in a report.

Lisa Emard, director of media relations for Acer America, said the company had asked its European officials for a response to the claimed security breach, the Computerworld website said in a report.

If the breach is verified Acer would be the latest organisation to have had customer data stolen.

Last week Sony Pictures apologised after admitting hackers had stolen customer information. Hackers' group LulzSec had claimed to have stolen more than one million customers' details from the SonyPictures.com website.

"We have confirmed that a breach has occurred and have taken action to protect against further intrusion. A respected team of outside experts is conducting a forensic analysis of the attack," Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment said in a statement.

"We have contacted the U.S. Federal Bureau of Investigation and are working with them to assist in the identification and apprehension of those responsible for this crime," the statement said.

"We deeply regret and apologize for any inconvenience caused to consumers by this cybercrime," the statement said.

LulzSec now claims to have breached the security of the Sony Pictures Russia website after posting a link on Twitter to code containing a database outline for the website. No information stored within the database was published, according to a report by Tech Herald.

Sony recently restored its PlayStation Network (PSN) following a data breach. On 27 April Sony admitted that more than 77 million customers registered with the PSN may have had their personal details stolen.

The company turned off its PSN and music streaming service Qriocity on 20 April after discovering a breach of the information stored on its databases. PSN allows PlayStation 3 users to log in online and play games against other users live, as well as download games, films and other media.

Information stolen included users' names, addresses, email addresses, birthdays and their username and password login for the PSN.

In May Sony also admitted that hackers had breached its Sony Online Entertainment (SOE) security systems. The company said the hackers may have stolen the details of 25 million SOE customers.

"Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password," SOE said in a statement at the time.

Sony's rival Nintendo has admitted that it was the subject of a hacking attack, according to a Reuters news agency report. Nintendo said that no customer data was stolen, according to the report.

LulzSec claimed responsibility for the attack last week and said it had taken one file.

"We ... didn't mean any harm. Nintendo had already fixed it anyway," LulzSec said in a Twitter post.

The Sony data breach is thought to be one of the largest personal information breaches ever.

In 2007 TJX, a discount clothes retailer, announced that credit card information had been stolen from more than 45 million customers. TJX own TK Maxx.

Some of the information was stolen by hackers breaking into the wireless networks used to transmit credit card details. TJX said at the time that 75% of the cards had expired or had their numbers blacked out, but did admit that decryption software programs might be able to fill in some of the blacked out numbers.

TJX agreed to pay $40.9m to Visa member banks to compensate them in return for those banks agreeing "to release TJX and its U.S. acquirers from legal and financial liability," according to a statement from Visa and TJX.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.