Adobe’s Chief Security Officer Brad Arkin announced today on the company’s blog that “sophisticated attacks” on its network have been discovered and that some customer information was compromised in the process:
Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Arkin says Adobe’s ongoing investigation has found that the attackers have accessed Adobe IDs and encrypted passwords for approximately 2.9 million customers, but that it does “not believe the attackers removed decrypted credit or debit card numbers.” They were, however, able to get their hands on names, encrypted credit or debit card numbers, expiration dates, and customer order information. The company is also investigating an attack that accessed source code for several Adobe products illegally.
Adobe is of course working with law enforcement and continuing its investigation, but in the meantime it announced it will be contacting customers, banks, law enforcement, and automatically reseting customer passwords:
- As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
- We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
- We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
- We have contacted federal law enforcement and are assisting in their investigation.