Acer has confirmed yet another cyberattack on its servers in Taiwan after their offices in India were hit less than a week ago by the same group.
The Desorden Group — which claimed responsibility for both attacks — contacted ZDNet and said part of why they conducted the second attack was to prove their point “that Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.”
Acer spokesman Steven Chung told ZDNet that the company recently detected “an isolated attack on our local after-sales service system in India and a further attack in Taiwan.”
“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data,” Chung said.
“The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity,” he added.
The group said it hacked Acer’s Taiwan servers that stored data on its employees and product information.
“We did not steal all data, and only took data pertaining to their employee details. Right after the breach, we informed Acer management on the Taiwan server breach and Acer has since taken the affected server offline,” the group said in an email to ZDNet.
“Also, a few other of its global networks including Malaysia and Indonesia servers are vulnerable too.”
The group did not say how much data they stole in this attack and did not respond to questions about what its end-goal is with these breaches.
Acer has had a rough year from a cybersecurity perspective, suffering a ransomware attack in March that led to a previously-unheard ransom demand of $50 million. It is unclear if Acer ever paid the ransom.
The attack last week on the company’s servers in India led to 60GB of files being stolen by the Desorden Group, which also claimed an attack on the Malaysian servers of ABX Express Enterprise in September.
Acer India was hit with a similar cyberattack in 2012 by a Turkish cybercriminal group, according to DataBreaches.net. The attackers defaced the company website and leaked 20,000 user credentials at the time.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Digitpol can assist with all stages of cyber related incidents.
Contact Digitpol’s hotlines or respond to us online.
UK +44 20 8089 9944