The UK ICO might fine the company just as it did Sony

Oct 31, 2013 12:56 GMT

Now that Adobe has admitted that the details of at least 38 million of its customers have been stolen by hackers, a lot of legal action might follow.

Initially, the company noted that only 2.9 million customers were impacted. However, it later revealed that the number was much higher, not to mention the fact that parts of the Photoshop source code have also been compromised.

According to legal experts cited by The Lawyer, Adobe’s internal investigation will likely focus on third-party suppliers, especially since it’s possible that the attackers leveraged vulnerabilities in third-party systems. This is often the case when major organizations fall victim to a hack attack.

“Adobe will be reviewing its contracts with suppliers. And while they are a sophisticated company with a sophisticated legal department, it doesn’t necessarily follow that all their contracts are up to date – especially in relation to such a fast evolving area,” noted Philip James, a partner at the Pitmans law firm.

Another issue is with data breach notifications. For instance, Adobe has to report the breach to the United Kingdom’s Information Commissioner’s Office (ICO).

If the agency determines that cybercriminals leaked the personal details of millions of people because of some failure on the company’s part, a considerable fine might follow.

For instance, in January, the ICO fined Sony £250,000 ($395,000/€297,000) for the PlayStation Network data breach in 2011.

Impacted customers must also be notified and, in the US, Adobe will have to pay for credit monitoring services for users whose financial information has been compromised.

Of course, the theft of source code is no laughing matter either. Lawyers believe that this will have the most significant commercial implications for the company.