Cyber Incident Victim: ASI Computer Systems

On November 1, 2018, ASI Computer Systems identified suspicious activity affecting customer accounts used to access their support website at https://go.asicentral.com. The company determined that unauthorized access to usernames and passwords had occurred prior to December 2016, though the specific intrusion method and timeline remained unspecified in their disclosures. By November 2, 2018, ASI completed its initial analysis confirming which credentials had been exposed, with particular focus on identifying affected California residents as required by state breach notification laws. The compromised login credentials provided access to customer service support materials and general information resources through the company's support portal. ASI did not disclose whether other personal data beyond authentication credentials was accessed or exfiltrated during the incident, nor did they specify the total number of affected accounts beyond confirming impacts to California residents.

ASI responded by immediately deactivating all existing passwords for potentially compromised accounts as a precautionary measure, forcing password resets for impacted users. The company formally notified affected California residents through individual communications that began on November 2, 2018, advising them their credentials had been subject to unauthorized access. In these notifications, ASI emphasized they took the security of accounts seriously and were actively investigating the suspicious activity, though they did not publicly disclose investigation findings regarding the attack's origin or duration. The primary operational consequence for users was temporary loss of access to the support portal until they completed the password reset process. ASI did not report whether the compromised credentials were leveraged for further unauthorized actions beyond the initial breach of the support site.