Taiwanese hardware and electronics corporation Acer has reported a data breach affecting “certain customers who used [its] ecommerce site between May 12, 2015 and April 28, 2016”.
According to a letter to customers published on the California Attorney General’s website, an unauthorized third party accessed customer information “potentially including your name, address, card number ending in [insert], expiration date and three-digit security codes.”
According to PCWorld, “the data was stolen because the company ‘inadvertently stored [the stolen consumer data] in an unsecured format.’”
ZDNet reports that an Acer spokesman said 34,500 customers, located in the US, Canada, and Puerto Rico, were affected.
“We value the trust you place in us,” said Mark Groveunder, Vice President, Customer Service. “We regret this incident occurred, and we will be working hard to enhance our security.”
The PCI DSS
The security of payment card information is regulated by the PCI SSC (Payment Card Industry Security Standards Council) through the PCI DSS (Payment Card Industry Data Security Standard).
The PCI DSS applies to all people, processes, and technologies that are involved in the processing, transmission, or storage of cardholder data. It can apply across the whole of your organization, or to a subset of your organization if you have correctly compartmentalized the processing, transmission, or storage of cardholder data.
Every organization that stores, transmits, or processes cardholder data must comply with the Standard.
Compliance is demonstrated by successfully completing an audit of the cardholder data environment.
The type of audit depends on the compliance requirements and on the merchant’s or service provider’s level, as set by the relevant payment brand.
Providing compliant documentation is a key requirement of the PCI DSS, but fulfilling that obligation can be time-consuming and prone to error. Fortunately, expert help is available.
PCI DSS Documentation Toolkit
IT Governance’s PCI DSS Documentation Toolkit provides guidance and documentation templates from a PCI Qualified Security Assessor.
With easy-to-use, fully customizable templates, the PCI DSS Documentation Toolkit significantly reduces your risk of error, ensures you comply with the requirements of the PCI DSS, and is available with 12 months of free updates and unlimited drafting support.