Acer suffers two cyber attacks in a week

Acer suffers second cyber attack by the same threat group in less than a week

Image:

Acer suffers second cyber attack by the same threat group in less than a week

Hackers say the company is 'way behind in its cybersecurity effects on protecting its data'

Taiwan-based PC brand Acer has fallen victim to a second cyber attack in less than a week by the same hacking group. The group says it conducted attacks to demonstrate poor data protection capabilities of the company.

The Desorden group has claimed responsibility for both attacks - first in India and the second in Taiwan - warning that many of Acer's servers in other regions are also vulnerable to attacks.

Last week, the group told Bleeping Computer that it hacked Acer's Taiwan servers that stored data on its product and employees information.

"We did not steal all data, and only took data pertaining to their employee details. Right after the breach, we informed Acer management on the Taiwan server breach and Acer has since taken the affected server offline," the hackers said.

They added that Acer was "way behind in its cybersecurity effects on protecting its data" and that its servers in Malaysia and Indonesia are still vulnerable to cyber attacks.

Acer confirmed the Taiwan attack in a statement, saying that the second breach only involved employee data.

The PC maker said that upon detecting the breach, it initiated all security protocols and conducted a full scan of its systems.

"We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity."

Acer spokesperson Steven Chung told Taipei Times that the hackers tried to initiate communication following the attack, but the company did not respond.

"We are not going to negotiate and it is not company policy to pay ransom to hackers," he said.

The Acer data breach came to light last week after Desorden emailed journalists to say they compromised the company's servers in India and stole some data from those servers.

Acer said at the time that it was an "isolated attack" that affected only their after-sales service systems in the country.

It is not the first time that Acer has suffered a data breach.

In March, ransomware group REvil encrypted the company's systems and asked for a ransom of US$50 million. Acer reportedly countered with an offer of US$10 million, which was declined by the hackers.

Last year, Taiwan-based contract manufacturer Hon Hai Precision Industry Co, industrial computer manufacturer Advantech Co, and Compal Electronics also fell victim to ransomware attacks.

In the case of Compal - the world's second-largest laptop maker - hackers reportedly demanded a ransom of $17 million worth of bitcoin from the company.