IMB Enterprises, Inc., Huntington, NY 11746 +1 (631) 673-2929,

Will the October Cyber Attack on Adobe Systems Prompt a Change in Vendor Consumer Responsibilities?

October 15, 2013

On October 3, 2013, Brad Arkin, Chief Security Officer of Adobe® posted an Important Customer Security Announcement. This post included a summary of a successful attempt by a malicious entity (individual, team or organization) to compromise the security of Adobe’s websites. The attackers made off with application source code for a number of Adobe products.

They also made off with “. . . customer information . . . ” This information included ” . . . customer names, encrypted credit or debit card numbers, expiration dates, and other information . . . “. In response, Mr. Arkin noted, Adobe will take steps, including ” . . . notifying customers whose credit or debit card information [Adobe] believe[s] to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.”

The last item on this list, “the option of enrolling in a one-year complimentary credit monitoring membership where available”, in my opinion, may be a subtle, but nonetheless very important sign of something I’ve written about in the past with regards to cyber security, and the respective responsibilities of vendors and consumers. My argument has been that as the frequency and severity of these attacks increase, the ultimate responsibility for any losses will eventually shift to the consumer from the vendor.

Is it safe to surmise from this point that the consumer is going to feel the burden of any financial pain that may unfortunately result from this attack? Certainly Adobe will incur the expense of monitoring credit for a year, but there is no mention of Adobe compensating these consumers for any losses that may result from this attack.

I find further support for at least requesting further specificity from Adobe on these points with Mr. Arkin’s next declaration: “We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.” Just what does Adobe mean by “help protect customers’ accounts.”?

The repercussions of all of this, at some point, will likely diminish consumer and business appetite for cloud, SaaS offers. Thoughts?

Ira Michael Blonder

© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved

Data Security Solutions
  • Ira Michael Blonder calls on over thirty five years of experience marketing, promoting & selling tangible and intangible products and services within his consulting practice. He has first hand experience with several very early stage businesses targeted to Fortune 100 customers. The common thread between these early stage efforts is that product and/or service offerings incorporated computer technology. He is an excellent choice for a CEO in need of a trusted advisor as products, promotion and sales are planned.

One Comment

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.