Cyber Incident Victim: Acer Inc.
Date: Oct 2021
Location: Taiwan
Summary
Acer experienced two cyberattacks within a week by the threat actor Desorden, compromising systems in India and Taiwan. The initial breach targeted after-sales service infrastructure in India, exposing customer data, while the subsequent attack accessed employee credentials and product information in Taiwan. Desorden claimed the intrusions demonstrated systemic security vulnerabilities, stating they did not seek ransom but aimed to highlight neglected defenses. The company confirmed both incidents as isolated, took affected servers offline, and initiated notifications for impacted customers in India while clarifying that Taiwanese systems held no consumer data. The actor additionally alleged ongoing vulnerabilities in other regional servers, though these claims were not substantiated by the victim. Law enforcement and authorities were notified, with Acer asserting no material operational impact.
Description
Acer Inc. experienced two cyberattacks within one week in October 2021, both attributed to the hacking group Desorden. The first breach targeted Acer India's after-sales service systems, with Desorden notifying journalists in early October 2021 about stolen customer data. Acer confirmed this as an isolated incident limited to their Indian operations. On October 15, 2021, Desorden breached Acer Taiwan's servers, exfiltrating employee information, product data, and login credentials. The attackers provided BleepingComputer with evidence including screenshots of an internal Taiwan portal and CSV files containing employee credentials. Desorden stated their motivation was to demonstrate Acer's systemic cybersecurity vulnerabilities rather than seeking financial gain, specifically citing neglected security measures. The Taiwan breach occurred less than seven days after the India incident, contradicting Acer's initial characterization of the first attack as isolated.

Acer Taiwan disabled the compromised server promptly after being notified by the threat actors. The company issued a unified statement confirming both breaches, clarifying that the Taiwan incident involved only employee data without customer impact, while the India breach required customer notifications. Acer activated its security protocols, ran system-wide scans, and reported the incidents to law enforcement authorities in both regions. Desorden claimed additional vulnerabilities existed in Acer's Malaysia and Indonesia servers at the time of disclosure, though no breaches of those systems were confirmed. The company maintained the incidents caused no material operational or business continuity impacts. These attacks followed a separate March 2021 ransomware incident involving the REvil group that had resulted in a $50 million ransom demand. Desorden had previously breached ABX Express in September 2021, establishing their pattern of corporate data theft and extortion tactics prior to targeting Acer.
