Adobe Web Portal Exposed Educational Software Users Personal Data
Personal information stored on a server accessed via an Adobe website portal has been accessible without any authorization. The information contained name, address, home and/or cellular phone number, email address, date of birth, school name, partial or full credit card number, credit card expiration data, credit card security code, partial or full bank account number, partial or full Social Security number, school identification card, driver’s license number, government identification, military identification number, and a copy of a signature.
The server was created to allow customers to upload information in order to enable Adobe to validate a customer’s qualification to purchase certain education software. The information was stored on a server at a time when the server did not contain Adobe’s standard security or authentication procedures.
Immediately after Adobe learned of this incident, they secured the server and removed the feature in the website portal allowing customer access in order to prevent unauthorized access to the information.
Additionally, an investigation began in order to determine which files, if any, were exposed. The investigation revealed that files containing the above information were not properly secured, and could have been accessed by unauthorized third parties via the Internet.
The New Hampshire State Attorney General has notified customers involved in this accident (it is unknown how many there are) in May 1. Adobe will also provide a year of free credit monitoring.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.