back to article Adobe fined a whole million dollars for 2013 mega-breach

Fifteen of the United States of America have flogged Adobe with warm, wet, lettuce for its 2013 mega-breach that saw 38 million credentials leaked. North Carolina attorney general Roy Cooper says his State, plus 14 others*, have agreed that Adobe should hand over one million US dollars to compensate the 552,000 punters whose …

  1. David Roberts

    Less than $2 per user?

    Wouldn't it cost more than that just to pay each user the compensation?

    No information about how the compensation is to be paid either. Unless this is some subtle punishment where paying the compensation is intended to cost far more than the fine. Whatever, a trivial sum and an insult to the victims.

    1. Richard 12 Silver badge

      Re: Less than $2 per user?

      A stamp is about 50cents, the envelope 2c, the cheque check about 10c?

      That is a truly insanely low penalty. Even the usual "1 year credit monitoring service" insult costs more than that.

      The legal fees will have been higher so the direct cost will be double to triple, but still... $6 per customer is miniscule.

      I would not be surprised if somebody did decide to "dox" the board, although that would be immoral and obviously I would never condone such action.

    2. Anonymous Coward
      Anonymous Coward

      Re: Less than $2 per user?

      Wouldn't it cost more than that just to pay each user the compensation?

      No, unfortunately, if you're a small shop who makes a mistake you pay the full whack because you can't afford a good lawyer, but if you're Big Business you get a volume discount - even though the nefast impact on the exposed end user is identical.

      The article is right: as long as a mega breach doesn't put a company in risk of closure due to the fine nothing will change. Some lawyers will get fat off it, and an insurance has to pay out a puny amount. You, as end user, will remain the victim.

      1. Adam 52 Silver badge

        Re: Less than $2 per user?

        Half a million court cases would cost quite a lot to answer. DDoS via the Courts is much more effective and perfectly legal.

        1. Mark 85

          @Adam 52 -- Re: Less than $2 per user?

          Nice idea, but reality says the company will request that all the cases be rolled into a single class action suit. Result will still be the same... lawyers make their money, the compensation to the individual is zilch. The other problem is most folks won't bother due to the time and costs involved.

  2. tfewster
    FAIL

    Lessons learned

    Security is hard and expensive. Insincere apologies and compensation are cheap.

    So no need to bother then?

    1. Anonymous Coward
      Anonymous Coward

      Re: Lessons learned

      Security is hard and expensive. Insincere mumbled apologies and derisory compensation are cheap.

      FTFY.

    2. chivo243 Silver badge
      Trollface

      Re: Lessons learned

      @tfewster

      Ah, the Hermes Conrad philosophy:

      Hermes: Alright, alright. What do we do when we break somebody's window?

      Dwight: [sheepish] Pay for it?

      [Hermes laughs.]

      Hermes: Oh, heavens, no! We apologise, with nice, cheap words!

  3. Mark Simon

    Hidden Costs

    Adobe have completely lost my trust. I was a customer, but no more. I know my money’s not worth much to them, judging from their service, but at least it’s worth more than my share of the fine (just under 3c).

    1. Naselus

      Re: Hidden Costs

      A cynical man might suggest the problem was that you trusted Adobe in the first place, given they've never done anything in the last thirty years to earn it. Horribly written software full of gaping security holes, and a 'cloud' solution which is just naked SaaS profiteering rather than offering a single useful increase in functionality over the perpetual licensed versions.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hidden Costs

        Now you know why I like Affinity even more than just for bringing out damn good and well supported software.

        One (astonishingly low) payment instead of the the Adobe monthly bloodletting.

        And they're not Americans, which helps :).

    2. Version 1.0 Silver badge

      Re: Hidden Costs

      The "Adobe" company name means mudbrick - basically air dried puddled mud - they're being honest about their quality I think.

  4. Khaptain Silver badge

    Alternative Solution

    Since board members consider security as just another expense, why no publish the details of their private lifes, tax returns, backhanders etc. It might help them realise that yes security is an issue and that it can/does have an impact on those concerned...

    1. Anonymous Coward
      Anonymous Coward

      Re: Alternative Solution

      Since board members consider security as just another expense, why no publish the details of their private lifes, tax returns, backhanders etc. It might help them realise that yes security is an issue and that it can/does have an impact on those concerned...

      Good idea. Let's make that a mandatory part of any fine where the per user payout is less than the risk they've been exposed to (which is pretty much all of the major breaches). And add their executive mobile phone numbers to that...

  5. Tromos

    Damage limitation

    At least there won't be any damage to Adobe's reputation for security. They don't have one.

  6. Ole Juul

    it's hopeless

    Adobe's share price has climbed nicely since the 2013 breach

    That's really depressing.

  7. Milton

    Value for money

    If you can afford the high initial NREs¹, the best value for the corporate dollar these days is to buy some politicians. A pork-friendly congresscritter—and it's hard to find any other kind—can be glad-handed, lobbied, lunched and wined, with lovely fat S/PAC contributions and brown envelopes for a real return on investment. (And, à la Lockheed, he can have some eye-wateringly overpriced makework shovelled to his district, pointlessly over-complicating the supply chain and introducing inefficiencies which—ah, the genius of it!—will all be paid by the taxpayer anyway, which—more genius!—won't include the corporation or its executives, who will find ways to pay less tax than their office cleaners anyway).

    A well-fattened pol is a wonderful asset to the enterprise. Whether you need a quick under-handed favour to make an investigation go away, or some cover for dodgy foreign dealings, or just a nice new law with some small print relaxing environmental protection or your customers' rights, it's all available in one plump, sweaty package. Regulations to protect the consumer from corporate greed are a pesky thing, and if you can't get them completely scrapped, it's almost as effective to ensure that when you're caught with your pants down, the fines will be meaninglessly small. The mooing cattle whose privacy was serially violated, or health destroyed, can't afford decent lawyers and probably wouldn't have voted anyway.

    So, best advice: buy some politicians, sit back, smile and wait for milking time!

    ¹ Non-Recoverable Expenses, i.e. the amount you spend setting up the enterprise and which will be lost if it doesn't get off the ground. In Beltway terms, think of these as initial junkets, lobbying feelers and slushfund cash spent on food, cocaine, hookers etc, which may be lost if the politician in question turns out to be a single-termer, is too incompetent to deliver the desired legislation, gets exposed by the press, or even—though it may sound improbable—turns out to be honest.

  8. Anonymous Coward
    Anonymous Coward

    $2 measly bucks per customer wronged...

    See you same time next year then.....

  9. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like