In this Risk & Repeat podcast, SearchSecurity editors discuss the recent Acer data breach and the questions it raises about the company's payment security practices.
The recent Acer data breach that exposed the credit card information of thousands of customers has led to many questions about the robustness of payment security measures within enterprises.
News of the Acer breach broke after the Taiwanese computer manufacturer filed a data breach notification letter with the California attorney general's office. Acer later announced that approximately 34,500 customers of the company's U.S. ecommerce website had their credit card information -- including the account number, expiration date and CVV security code -- exposed in the breach, which lasted almost an entire calendar year before it was detected. In addition, the company disclosed to media outlets that it had accidentally stored the credit card data in "an unsecured format."
While details of how the attackers gained access to the credit card data have yet to emerge, the Acer breach raises questions about the computer maker's payment security practices. Why was Acer storing customers' CVV security codes, and why was all of the credit card data stored in one place? Why wasn't the data protected with some kind of encryption or tokenization? And why did it take so long for Acer to discover the breach?
In this episode of SearchSecurity's Risk & Repeat podcast, site editors Rob Wright and Peter Loshin discuss these questions and debate just how bad the Acer breach and the company's breach notification letter are compared to other recent enterprise examples.