Cyber criminals have accessed information about 2.9 million Adobe customers including names, encrypted credit card numbers and expiration dates. The attackers also took customer IDs and encrypted passwords.
According to Adobe CSO Brad Arkin, the cyber criminals did not remove decrypted credit or debit card numbers from its systems.
"We deeply regret that this incident occurred and we're working with law enforcement to address the incident," he wrote in a blog post.
The company is resetting customer passwords to prevent unauthorised access to Adobe ID accounts.
"If your user ID and password were involved, you will receive an email notification from us with information on how to change your password," said Arkin.
"We also recommend that you change your passwords on any website where you may have used the same user ID and password."
He added that Adobe is also sending a letter to customers whose credit or debit card information was accessed.
The letter will contain details of additional information on how customers can protect themselves from potential misuse of personal information.
"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one year free credit monitoring membership."
Arkin added his security team recently discovered that cyber criminals tried to access customer information and source code for numerous Adobe products.
"We believe these attacks may be related. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia