In a recent cyber attack, the data of 38 million users had been compromised. This estimate is much more that the original one that limited it to 2.9 million users. Even Adobe has acknowledged that the numbers of victims of data breach are 38 million users. Adobe is not excluding the possibility of negligence or involvement of third party suppliers.
While Adobe has ordered an internal investigation into the issue yet legal investigation risks are looming large at Adobe. Adobe is particularly concerned about the breach potentially coming through cloud computing, the process by which data is held on third-party servers in various jurisdictions.
If the data is held by data servers or cloud computing scattered in various jurisdictions the law enforcement and other authorities can take notice of this fact and act as per local laws. This means Adobe is potentially vulnerable to the legal jurisdictions of many countries at the same time where the users of the data are residing.
For instance, the implications of data breach can reach the United Kingdom as the UK Information Commissioner’s Office (ICO) is keen to discover whether the breach was caused by a failure on the part of the company, or that the company failed to act quickly enough once it knew it had been hacked. Adobe has to convince the ICO that there was no fault or negligence on the part of Adobe in this entire episode.
Indian data protection and privacy laws also impose hefty penalties for their violations. Appropriate legal proceedings can be initiated against Adobe under the Indian Information Technology Act, 2000 if its provisions are found to be breached due to this episode.
However, the real trouble for Adobe would be to deal with United States laws. Among other things, Adobe would be obliged to pay for credit monitoring for up to a year for those users whose card details were compromised. Lawyers suggest there could be issues around notification clauses in cases of a breach, and the type of meaningful information third-party suppliers should provide in case of cyber attack.
On the commercial front as well Adobe has suffered a major loss as a part of the source code has also been stolen. Adobe has to be more cautions regarding future cyber attacks as it is now more vulnerable due to availability of its partial source code.