Adobe Data Breach

Number: AL13-004
Date: 4 October 2013


The purpose of this alert is to notify that, on October 3, 2013, Adobe Systems Inc. announced that it had been the victim of a cyber attack and that the attacker(s) gained access to detailed account information.


It was announced that hackers were able to remove information on up to 2.9 million customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

Adobe also announced that the attacker(s) stole source code for Adobe Acrobat, ColdFusion and ColdFusion Builder. At this time the company is not aware of any zero-day vulnerabilities for any of the aforementioned products.

Adobe has been reaching out to all customers who have been affected by this breach, informing them and assisting them with password changes, and raising awareness of the potential misuse of this compromised data.

Suggested action

CCIRC recommends that organizations review the following mitigation steps and consider their implementation in the context of their environment accordingly:


Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589

Date modified: