Tech giant Acer is notifying thousands of customers that over the course of nearly a year, an unauthorized party may have accessed their payment card information.
In a letter sent to the California Attorney General’s office, the Taiwan-based company explained the breach involved the information of customers who had used its North American ecommerce site between May 12, 2015 and April 28, 2016.
The compromised data included customer names, addresses, credit card numbers, and expiration dates, as well as the three-digit security codes.
An Acer spokesperson told ZDNet the company has notified 34,500 affected customers based in the United States, Canada and Puerto Rico.
“Safeguarding your personal information is important to us,” said the company.
“We took immediate steps to remediate this security issue upon identifying it, and we are being assisted by outside cybersecurity experts. We have reported this issue to our credit card payment processor. We have also contacted and offered our full cooperation to federal law enforcement,” read the letter.
The company added it has not yet found evidence indicating that customer password or login credentials were affected by the breach. It also noted it does not collect Social Security numbers.
Acer advised customers to remain vigilant by reviewing account statements and monitoring their credit reports, although it will not be offering free identity protection services.
For those who believe they have been victims of identity theft or fraud, the company gave the options of filing a police report, contacting their State Attorney General’s office or the U.S. Federal Trade Commission.
“We value the trust you place in us. We regret this incident occurred, and we will be working to enhance our security,” concluded the letter signed by Mark Groveunder, Acer’s vice president of customer service.