Adobe’s network compromised: 2.9 million customer names, encrypted credit and debit card numbers, and source code

Adobe’s network compromised: 2.9 million customer names, encrypted credit and debit card numbers, ...

Software firm Adobe today revealed its network was compromised. Information that was leaked included 2.9 million customer names, encrypted credit or debit card numbers, expiration dates, and “other information relating to customer orders.”

Adobe wouldn’t say when the breach occurred, and only mentioned that its security team discovered sophisticated attacks on its network “very recently.” Source code for “numerous Adobe products” was also accessed.

Adobe says it has taken the following steps:

  • As a precaution, the company is resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification with information on how to change your password. Adobe also recommends that you change your passwords on any website where you may have used the same user ID and password.
  • The company is in the process of notifying customers whose credit or debit card information it believes to be involved in the incident. If your information was involved, you will receive a notification letter with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • It has already notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • It has contacted federal law enforcement and are assisting in their investigation.

Adobe says its investigation so far has found that the attackers accessed Adobe customer IDs and encrypted passwords on its systems. It does not currently believe they removed decrypted credit or debit card numbers and that it does not think the illegal access of its source code could provide any specific increased risk to its customers.

The company also offered up the following apology:

We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you.

Adobe is continuing its investigation. We’ll let you know if anything changes.

Top Image Credit: Justin Sullivan/Getty Images

Read next: Twitter IPO filing reveals company looks to raise $1 billion