Adobe investigated by data watchdog over massive security breach

Adobe investigated by data watchdog over massive security breach

Summary: Ireland's Office of the Data Protection Commissioner is handling the investigation into Adobe's breach affecting all non-US customers.

TOPICS: Security, Privacy, EU

Ireland's data protection watchdog is investigating Adobe's data breach last year in which a hacker stole some 38 million user records.

In a statement to ZDNet, Ireland's Office of the Data Protection Commissioner (DPC) confirmed it had been investigating Adobe's data breach since October last year, after the company notified it of the incident.

"This Office immediately launched an investigation into the matter, which is still ongoing," the DPC said in the statement.

Adobe notified users, media and the Irish regulator of the breach in early October, which exposed some customers' credit cards details, as well as a larger set of usernames, email addresses and encrypted passwords.

Initially reported as a breach affecting 2.9 million customers, Adobe later admitted it affected 38 million users, although a leaked database of customer records, including emails, password hints and passwords, has suggested that figure could be far higher, with 100 million customers potentially affected.

Ireland's DPC has landed the investigation because Adobe, like Facebook and other tech giants registered in the country, treats its Irish operations as the data controller for all customers outside of North America.

The DPC said it had received a number of complaints from individuals about the matter.

As noted in other reports, Ireland's DPC has become the main non-US data protection authority for several major tech companies, including LinkedIn and Facebook.

After heading up the recent 'Europe vs Facebook' investigation, the DPC copped flack for taking a 'light-touch' approach to data protection regulation. However, Ireland's DPC Billy Hawkes has dismissed those criticisms, pointing out that the organisation doesn't go for a "confrontational form of regulation".

More on this story

Topics: Security, Privacy, EU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • who is keeping score, this is the nth significant secruity in a few months

    Like credit card fraud it's becoming an accepted part of the business model, both are completely wrong headed. To date the response of security experts is one of capturing more personal data on individuals with the theory that will allow them to thwart unauthorized access.

    WRONG! It only leads to more damaging leaks and ultimately will result in thieves accumulating uber profiles of people for which there will be no recourse but to issue them a new identity since there true identity will be irreversibly compromised.
    • edit: their true identity