Welcome to the new ZDNet! Give feedback or learn more about our updated design here. Or, return to the classic view.

Adobe investigated by data watchdog over massive security breach

Ireland's Office of the Data Protection Commissioner is handling the investigation into Adobe's breach affecting all non-US customers.

Ireland's data protection watchdog is investigating Adobe's data breach last year in which a hacker stole some 38 million user records.

In a statement to ZDNet, Ireland's Office of the Data Protection Commissioner (DPC) confirmed it had been investigating Adobe's data breach since October last year, after the company notified it of the incident .

"This Office immediately launched an investigation into the matter, which is still ongoing," the DPC said in the statement.

Adobe notified users, media and the Irish regulator of the breach in early October, which exposed some customers' credit cards details, as well as a larger set of usernames, email addresses and encrypted passwords.

Initially reported as a breach affecting 2.9 million customers, Adobe later admitted it affected 38 million users , although a leaked database of customer records, including emails, password hints and passwords, has suggested that figure could be far higher, with 100 million customers potentially affected.

Ireland's DPC has landed the investigation because Adobe, like Facebook and other tech giants registered in the country, treats its Irish operations as the data controller for all customers outside of North America.

The DPC said it had received a number of complaints from individuals about the matter.

As noted in other reports, Ireland's DPC has become the main non-US data protection authority for several major tech companies, including LinkedIn and Facebook.

After heading up the recent 'Europe vs Facebook' investigation, the DPC copped flack for taking a 'light-touch' approach to data protection regulation. However, Ireland's DPC Billy Hawkes has dismissed those criticisms, pointing out that the organisation doesn't go for a "confrontational form of regulation".

More on this story

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All