Waqas reports:
Acer Inc., a major global technology company based in Taiwan, is facing a potential data breach from a hacker going by the alias “Kernelware.” The hacker is claiming responsibility for a major data breach at Acer Inc., a leading multinational company based in Taiwan that designs and sells hardware and electronics products.
According to Kernelware, the alleged breach occurred in mid-February 2023 and resulted in the theft of a vast amount of sensitive information, totalling 160GB of 655 directories and 2869 files.
Read more at HackRead.
If this really is a new and confirmed breach of Acer, then this would be their fourth breach that we know of in less than two years:
— The first was disclosed in March 2021 and involved the Sodinokibi ransomware group (REvil).
— The second was disclosed in October 2021 by DESORDEN, who claimed to have exfiltrated 60 GB of files from Acer India.
— The third was days later in October 2021, when DESORDEN announced they had successfully attacked Acer Taiwan’s employee data. Acer sent DataBreaches a statement confirming both attacks.
Have any regulators investigated or fined Acer for any data protection violations? Four breaches in two years? Are Acer just sitting ducks for attackers?
DataBreaches sent an inquiry to Acer asking if they could confirm or deny the newest claims and if any regulators had been involved in reviewing their data protection after previous breaches. A statement was just received from Acer Corporate Communications:
We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.
There was no reply to the other inquiries.