Hackers infiltrated the internal computer network of Adobe Systems, pilfering the personal data — including the encrypted credit or debit card numbers — of 2.9 million customers, the company has announced.
The source code for numerous Adobe products was also stolen, seemingly by the same hackers.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems,” the company said in a blog post. “We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred.”
Since the recent discovery of the attacks by Adobe’s security team, the firm has been working with federal law enforcement to investigate its source.
The firm is also taking a number of steps to address the issues resulting from the attack.
Theses steps include:
• Resetting relevant customer passwords to help prevent unauthorized account access.
Those whose user IDs and passwords were affected will receive an e-mail notification with information on how to change their passwords.
“We also recommend that you change your passwords on any website where you may have used the same user ID and password,” the blog post says.
• Notifying customers whose credit or debit card information was taken.
Those who were victimized will receive a notification letter from Adobe outlining the steps taken to help customers protect themselves from misuse of their personal data. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
• Notification of the banks processing customer payments for Adobe, so the institutions can work with the payment card companies and card-issuing banks to aid in protection of customers’ accounts.
“We value the trust of our customer,” the post says. “We will work aggressively to prevent these types of events from occurring in the future.”