Acer, the Taiwan-based computer manufacturer, has reached a settlement with the New York Attorney Generals office following a breach.

The company has agreed to pay a fine of $115,000 and improve its security practices.

The breach was discovered in June 2016 and hackers stole personal information that included names, addresses, email addresses, card numbers, expiration dates, security codes and user names and passwords. The breach went undetected from May 2015 through April 2016. It involved more than 35,000 Acer customers across the U.S., Canada and Puerto Rico.

An investigation found that the personal information was stored in an unsecured format. The AG's investigation determined that "at least one attacker exploited Acer website vulnerabilities to view and ex-filtrate sensitive customer data."

New York State Attorney General (NYSAG) Eric T. Schneiderman commented on the settlement: “Businesses have a duty to protect their customers' personal information as securely as possible. Lax security practices like those we uncovered at Acer put New Yorkers' credit card information and other personal data at serious risk. That's unacceptable, and will change under the terms of our settlement today. My office will continue to hold businesses accountable for protecting their customers' private information."

Source: SCMagazine