alphaspirit - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Risk & Repeat: Acer data breach shows payment security shortcomings

Listen to this podcast

In this Risk & Repeat podcast, SearchSecurity editors discuss the recent Acer data breach and the questions it raises about the company's payment security practices.

The recent Acer data breach that exposed the credit card information of thousands of customers has led to many questions about the robustness of payment security measures within enterprises.

News of the Acer breach broke after the Taiwanese computer manufacturer filed a data breach notification letter with the California attorney general's office. Acer later announced that approximately 34,500 customers of the company's U.S. ecommerce website had their credit card information -- including the account number, expiration date and CVV security code -- exposed in the breach, which lasted almost an entire calendar year before it was detected. In addition, the company disclosed to media outlets that it had accidentally stored the credit card data in "an unsecured format."

While details of how the attackers gained access to the credit card data have yet to emerge, the Acer breach raises questions about the computer maker's payment security practices. Why was Acer storing customers' CVV security codes, and why was all of the credit card data stored in one place? Why wasn't the data protected with some kind of encryption or tokenization? And why did it take so long for Acer to discover the breach?

In this episode of SearchSecurity's Risk & Repeat podcast, site editors Rob Wright and Peter Loshin discuss these questions and debate just how bad the Acer breach and the company's breach notification letter are compared to other recent enterprise examples.

Next Steps

Risk & Repeat: Breaking down the Symantec-Blue Coat deal

Risk & Repeat: Ransomware worm raises concerns for enterprises

Risk & Repeat: Cyberextortion and bug poaching plaguing enterprises

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does the Acer breach and exposure of customer credit card data compare to other notable enterprise breaches?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close