Acer Philippines reports data breach in third-party vendor system

The cybersecurity incident affected employee attendance data but did not compromise customer databases, as Acer Philippines assures all client information remains protected


At a glance

  • Acer Philippines confirmed a security breach occurred within a third-party vendor's system responsible for managing employee attendance data, resulting in unauthorized access to this information.

  • The breach did not affect Acer Philippines' customer databases. The company emphasized that customer data remains secure, highlighting that the attendance system and customer databases are entirely separate, with robust internal systems in place to protect customer information from cybersecurity threats.

  • Acer Philippines has notified the National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Center (CICC) about the breach. A full investigation is currently underway to understand the breach's circumstances fully.

  • The company encourages individuals with questions or concerns about the breach to contact Acer Philippines through their official support channels, indicating a commitment to transparency and customer service in the wake of the incident.

  • The incident is framed within the broader context of supply chain attacks, where cybercriminals target less secure elements in a company's supply network. This method is highlighted as increasingly common, with several notable victims mentioned, including SolarWinds, Kaseya, Codecov, Target, and Maersk, underscoring the importance of robust cybersecurity practices not just within companies but across their vendor and supplier networks to mitigate these risks.


Acer Philippines responds to security breach with transparency and assurance: An official statement reveals a third-party vendor's system compromise, emphasizing customer data security and ongoing investigations.

Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor's system. The vendor was responsible for managing Acer Philippines' employee attendance data, and the breach resulted in the unauthorized access of this information.

The company emphasized that this incident does not involve Acer Philippines customer databases. Customer data remains secure, as the attendance system and customer databases are entirely separate. In addition, Acer maintains internal systems that protect customer data from cybersecurity threats.

Acer Philippines has alerted the National Privacy Commission (NPC) and the Cybercrime Investigation and Coordinating Center (CICC) regarding the incident. A full investigation into the circumstances of the breach is currently underway.

The company encourages individuals with questions or concerns to contact Acer Philippines through their official support channels.

What is a supply chain attack

Supply chain attacks involve cybercriminals targeting less secure elements within an organization's network of suppliers and vendors. These attacks aim to gain access to the larger organization's systems. This method is becoming increasingly common as companies improve cybersecurity, forcing attackers to exploit weaknesses in their partners' systems. While the attackers successfully infiltrated the employee attendance system, Acer Philippines has confirmed that customer data remains secure.

Philippine Airlines (Mabuhay Miles) was a victim of a supply chain attack in 2023: a data breach affecting its frequent flyer program that was linked to a third-party service provider.

Other notable global supply chain attack victims include:

  • SolarWinds: A massive 2020 supply chain attack in which hackers compromised SolarWinds' Orion network management software. This allowed them to infiltrate numerous government agencies and large corporations worldwide.

  • Kaseya: In 2021, attackers leveraged Kaseya's VSA remote management software to distribute ransomware, impacting hundreds of companies.

  • Codecov: In 2021, Codecov's software testing tool was compromised, potentially allowing hackers to steal sensitive data from hundreds of companies that used it.

  • Target: The infamous 2013 Target data breach initially occurred through a supply chain attack. Hackers targeted an HVAC vendor with access to Target's systems.

  • Maersk: The international shipping company was one of the victims hit hard by the NotPetya ransomware, which spread in part through compromised Ukrainian accounting software.

Recommendations to mitigate supply chain attacks

Organizations are advised to adopt a comprehensive security strategy to combat the rising threat of supply chain attacks. This includes rigorous vetting of third-party vendors, incorporating security obligations into contracts, and ongoing compliance monitoring. A zero-trust security model, network segmentation, and multi-factor authentication are crucial. Additionally, adopting secure software development practices, maintaining a software bill of materials, and running vulnerability scans can help safeguard against potential breaches. Organizations should also have a solid incident response plan and conduct regular security training. Finally, stay informed about threat intelligence and collaborate with others in your industry to strengthen your defenses against this growing cybersecurity risk.