Hackers broke into a PR Newswire database containing thousands of overseas customer records earlier this year, the company acknowledged this week.
PRN CEO Ninan Chacko said a database that primarily houses access credentials and business contact information for customers in Europe, Middle East, Africa and India was compromised. "We are conducting an extensive investigation and have notified appropriate law enforcement authorities," he said. "Based on our preliminary review, we believe that customer payment data were not compromised."
The data was found on a hacker server where stolen Adobe source code was recently discovered, according to ComputerWorld.
IT security writer Brian Krebs wrote on Oct. 13 that the date/time stamps on the PRN data indicated the breach occurred on or after March 8. He said when a copy of the data was presented to PRN they confirmed ownership.
PRN acknowledged the breach publicly on Oct. 16 in a blog post by Chacko, after privately notifying customers.
While Krebs said there are no indications the data was used maliciously, Alex Holden, the chief information security officer for Hold Security who worked with Krebs on the story, said the PR information reads like a "who's who of PR firms and Fortune 1000" companies and suggested it could have been used to weak havoc on financial markets.
Cision was the victim of a phony press release scam last week in Sweden, causing it to beef up security procedures after shares in two biometric companies spiked.
PRN, which uses both digital and human safeguards in disseminating content, said it is requiring new passwords for customers in the hacked database. "From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information," he wrote in a blog post.
Both Cision and PRN have notified authorities of the breaches.