On October 3, 2013 Adobe announced that it had become aware of cyber attacks on its network which began in mid August 2013.These attacks involved the illegal access to Adobe customer’s information, and source code for several Adobe products were also compromised. The attack was large scale and sophisticated, cyber criminals were able to access 152 million customer accounts; however, all but 38 MM of the accounts were inactive or simply test accounts with no sensitive information. Of the 38 MM hacked accounts, nearly 35 MM of those accounts had email addresses including the password data and user IDs stolen and the remaining 3 MM had those items plus credit card information stolen.
The Customer Security Announcement posted by Brad Arkin, Chief Security Officer for Adobe, outlined the security breach for affected and possibly affected customers and detailed that the breached data included the customer’s names, encrypted credit or debit card numbers, expiration dates, as well as other information pertaining to Adobe customer orders.
Adobe’s internal security team is working in conjunction with outside cyber security partners as well as law enforcement agencies to investigate and resolve the incidents and have taken steps to protect its customers. Adobe has implemented the following precautions:
- Contacted the FBI and is working with them to assist in the investigation.
- As a precautionary measure, Adobe is resetting pertinent customer passwords to aid in keeping unauthorized entities from accessing Adobe customer accounts.
- Adobe is notifying affected customers by way of email with information about how to change your Adobe password. Adobe also suggests that you change your password on any other site you may have used the same (your old Adobe) password and user ID.
- Adobe customers whose credit or debit card information was illegally accessed will be alerted of the incident with a notification letter, as required by law. The notification letter will provide additional information on what you may want to do to further protect your personal information.
- Adobe is offering a one year membership for free credit monitoring services to customers whose credit or debit card information was compromised by the Adobe breach.
- Adobe has contacted the appropriate banking authorities that process Adobe customer payments, as well as the card issuing banks and third party processors to assist in preventing any fraudulent charges to customer accounts.
In the closing of Adobe’s statement the company stated that they are investigating the hack into the source code of various Adobe products that occurred during the breach and provided this link here for customers who may want further information. In closing Adobe apologized for the incident and said they would be “working aggressively” to prevent attacks of this type in the future and again provided a link for customers with any further questions Customer Support page.
Cyber Insurance Coverage Information: NA, but it should be noted that Adobe settled a class action lawsuit for an undisclosed amount and is looking at $1.2 million in legal costs pertaining to the 2013 cyber breach.