
Hitachi ID Systems Blogs

Posts Tagged ‘compliance would have helped’

Adobe hack

Wednesday, October 30th, 2013

Reports are circulating today that a recent hack of Adobe and exfiltration of customer data was larger than thought – data about 38 million active users was compromised:

nakedsecurity.sophos.com

This raises some interesting questions:

  • There is a fundamental risk to a subscription-based business model, which is what Adobe.com has moved to. If you want to charge your customers monthly, like a utility, to use your products or services, then necessarily you have their contact info, credit card numbers, etc. That makes for quite an attractive target for compromise!
  • Clearly the data in question should be secured very carefully: encrypted, access controlled (e.g., using a privileged access management system), monitored, etc. Something in these controls clearly failed at Adobe.

This is a warning to customers to beware of sharing CC and similar data with firms that have to retain it indefinitely. It is also a warning to firms that have such practices to be incredibly careful.

PCI-DSS includes lots of good guidelines about how to protect such data — I wonder which rules Adobe managed to not follow?
