Why Direct Federal Regulation of Corporate Cybersecurity May Be Inevitable

Oct 04

Editor’s Note:  Unless the private sector effectively secures their intellectual property, cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity.  See, The Coming Cybersecurity Regulatory Revolution.

From: ZDnet

Adobe admits 2.9M customer accounts have been compromised

Summary: Unfortunately, the attack on Adobe also compromised customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

By

Adobe announced on Thursday that it has been the target of a major security breach in which sensitive and personal data about millions of its customers have been put at risk.

Brad Arkin, senior director of security for Adobe products and services, explained in a blog post that the attack concerns both customer information and illegal access to source codes for “numerous Adobe products.”

A few examples include Adobe Acrobat, ColdFusion, and the ColdFusion Builder. However, as far as the source code is concerned, Adobe assured that there is no “increased risk to customers as a result of this incident.”

Adobe officials added that the investigation has not turned up any zero-day attacks either.

Unfortunately, the culprits have obtained access to a large swath of Adobe customer IDs and encrypted passwords.

Arkin specified that removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.) about approximately 2.9 million Adobe customers.

He added that investigators don’t “believe the attackers removed decrypted credit or debit card numbers” from Adobe’s systems.

While federal law officials are involved, Adobe stressed that there are some precautions that customers need to take action on now.

Adobe is resetting the passwords on breached Adobe customer IDs, and users will receive an email if they are affected. The software giant is also currently notifying customers whose credit or debit card information was exposed.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *