Adobe has confirmed that it has been the victim of a cyber attack in which the private information of 2.9 million customers has been stolen.
The firm, well-known for its Reader and Acrobat software, said that customer names, encrypted credit card or debit card numbers, expiration dates, and other data relating to customer orders were removed from Adobe's systems.
Adobe's chief security officer, Brad Arkin, said that the firm did not believe that the attackers removed any decrypted credit or debit card numbers from its systems.
The company, which in February had to investigate reports of a zero-day security flaw in its Reader and Acrobat software that left users vulnerable to cyber attacks, said that it was taking steps to help prevent any further issues.
"We are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts," Arkin explained.
Adobe is also notifying customers whose credit or debit card information is believed to be compromised.
It's offering those customers one year's credit monitoring for free.
The firm has also notified the banks that are processing customer payments for Adobe, so that they can work with the credit and debit card companies to protect customers' accounts.
Finally, the company said it contacted federal law enforcement, who are investigating the case further.
In addition to the personal data that was captured, Adobe is investigating illegal access to source code for Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party.
It claimed that there is no specific increased risk to customers as a result of the attack, and that it is not aware of any zero-day exploits targeting any Adobe products. It recommended that customers run only supported versions of its software, apply all available security updates and follow the advice in the Acrobat Enterprise Toolkit.