Acer Philippines confirmed that worker information was stolen in an assault on a third-party vendor who manages the corporate’s worker attendance information after a risk actor leaked the info on a hacking discussion board.
Acer is a Taiwanese maker of laptop {hardware} and electronics, finest identified for its laptops that supply stability of efficiency, high quality, and aggressive pricing.
Earlier immediately, a risk actor often known as ‘ph1ns’ printed a hyperlink to obtain a stolen database containing Acer worker information without spending a dime on a hacking discussion board.
The attacker instructed BleepingComputer that no ransomware or encryption was concerned and that it was a pure information theft assault.
They additional confirmed to BleepingComputer that they weren’t trying to extort the corporate. Nevertheless, they did present proof that they wiped information on the breached servers earlier than they misplaced entry.
We reached out to Acer to confirm the authenticity of the risk actors’ claims, and an Acer spokesperson confirmed that the info is theirs however was not acquired straight from the corporate’s techniques.
“We’re conscious that one in every of our exterior distributors within the Philippines has suffered a knowledge breach, and in consequence, a restricted set of worker information has been compromised,” a spokesperson instructed BleepingComputer.
“Whereas we’re working with the seller, cybersecurity consultants and regulation enforcement, we wish to emphasize that no buyer information has been affected and there’s no proof of any breach of Acer’s techniques.”
Acer Philippines later issued a public statement on X providing comparable assurances concerning the safety of buyer information and confirming that its techniques stay uncompromised.
The pc maker has notified the Nationwide Privateness Fee (NPC) and the Cybercrime Investigation and Coordinating Middle (CICC) within the Philippines, and an investigation of the incident is underway.
Acer’s previous lapses
Acer has had a number of safety incidents lately. In February 2023, hackers breached an organization server holding technical manuals, software program instruments, BIOS photographs, and substitute digital product keys (RDPK), amongst different issues.
In October 2021, Acer admitted that its India-based after-sales service had been compromised, and tens of millions of data containing buyer information have been stolen.
Lastly, in March 2021, the pc maker was hit by a REvil ransomware attack that broke data for demanding a ransom cost of $50 million.
