Adobe investigated by data watchdog over massive security breach

Ireland's Office of the Data Protection Commissioner is handling the investigation into Adobe's breach affecting all non-US customers.

Ireland's data protection watchdog is investigating Adobe's data breach last year in which a hacker stole some 38 million user records.

In a statement to ZDNet, Ireland's Office of the Data Protection Commissioner (DPC) confirmed it had been investigating Adobe's data breach since October last year, after the company notified it of the incident .

Read this

Just how bad are the top 100 passwords from the Adobe hack? (Hint: think really, really bad)

A new analysis of Adobe user passwords leaked after its hack last month reveals yet again that most people prefer avoid complexity when it comes to passwords.

Read More

"This Office immediately launched an investigation into the matter, which is still ongoing," the DPC said in the statement.

Adobe notified users, media and the Irish regulator of the breach in early October, which exposed some customers' credit cards details, as well as a larger set of usernames, email addresses and encrypted passwords.

Initially reported as a breach affecting 2.9 million customers, Adobe later admitted it affected 38 million users , although a leaked database of customer records, including emails, password hints and passwords, has suggested that figure could be far higher, with 100 million customers potentially affected.

Ireland's DPC has landed the investigation because Adobe, like Facebook and other tech giants registered in the country, treats its Irish operations as the data controller for all customers outside of North America.

The DPC said it had received a number of complaints from individuals about the matter.

As noted in other reports, Ireland's DPC has become the main non-US data protection authority for several major tech companies, including LinkedIn and Facebook.

After heading up the recent 'Europe vs Facebook' investigation, the DPC copped flack for taking a 'light-touch' approach to data protection regulation. However, Ireland's DPC Billy Hawkes has dismissed those criticisms, pointing out that the organisation doesn't go for a "confrontational form of regulation".

More on this story