Adobe fined a whole million dollars for 2013 mega-breach
Try getting your Board to take security seriously when perps are flogged with wet lettuce
Fifteen of the United States of America have flogged Adobe with warm, wet, lettuce for its 2013 mega-breach that saw 38 million credentials leaked.
North Carolina attorney general Roy Cooper says his State, plus 14 others*, have agreed that Adobe should hand over one million US dollars to compensate the 552,000 punters whose details were purloined in the affected jurisdictions.
Adobe has also promised the 15 States it will tighten things up on the security practice and policy front. Which shouldn't be hard: it already promised Australia to do the same thing.
Adobe previously settled with California for an undisclosed sum plus $1.1m in legal fees.
The Register's antipodean reporters can hardly make it through a morning without a security vendor attempting to argue that the most urgent duty of IT departments is to inform board members about the incredible importance of security, lest an incident cause cascading reputational and financial damage. Such educational efforts, they argue, will ensure directors understand that security governance is critical, as is proper funding so that IT doesn't have to crimp on controls.
Yet Adobe's share price has climbed nicely since the 2013 breach and revenue has climbed steadily to the $5.5bn mark. With fines of just $1m resulting from a 38-million name breach and Flash a perpetual weeping sore of insecurity, those security vendors may have to find a new scare tactic. ®
*Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, Ohio, Oregon, Pennsylvania and Vermont.