Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum.
Acer is a Taiwanese maker of computer hardware and electronics, best known for its laptops that offer a good balance of performance, quality, and competitive pricing.
Earlier today, a threat actor known as 'ph1ns' published a link to download a stolen database containing Acer employee data for free on a hacking forum.
The attacker told BleepingComputer that no ransomware or encryption was involved and that it was a pure data theft attack.
They further confirmed to BleepingComputer that they were not attempting to extort the company.
They did provide evidence that they wiped data on the breached servers before they lost access.
We reached out to Acer to verify the authenticity of the threat actors' claims, and an Acer spokesperson confirmed that the data is theirs but was not acquired directly from the company's systems.
Acer Philippines later issued a public statement on X offering similar assurances about the security of customer data and confirming that its systems remain uncompromised.
The computer maker has notified the National Privacy Commission and the Cybercrime Investigation and Coordinating Center in the Philippines, and an investigation of the incident is underway.
Acer has had multiple security incidents in recent years.
In February 2023, hackers breached a company server holding technical manuals, software tools, BIOS images, and replacement digital product keys, among other things.
In October 2021, Acer admitted that its India-based after-sales service had been compromised, and millions of records containing customer data were stolen.
Finally, in March 2021, the computer maker was hit by a REvil ransomware attack that broke records for demanding a ransom payment of $50 million.
Okta: October data breach affects all customer support system users.
Pharmaceutical giant Cencora says data was stolen in a cyberattack.
Insomniac Games alerts employees hit by ransomware data breach.
Johnson Controls says ransomware attack cost $27 million, data stolen.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 12 Mar 2024 19:35:23 +0000