How NOT to manage a security breach crisis

How NOT to manage a security breach crisis

Written By: Piyush Bhatnagar

adobe_logo1We’re often given the opportunity to learn about crisis management through the highly visible fallout from the experiences of others. Important lessons can be learned when looking at how a company successfully, or unsuccessfully, responds to a hard-hitting crisis. Everyone makes mistakes and learning from others makes us better prepared to manage a similar scenario ourselves.

Adobe hack

Adobe’s database of over 150 million users was hacked in October 2013, resulting in email addresses, passwords and credit card information being stolen. The identity thieves know which programs specific users have, making it even easier to engage in phishing to get people to download malware disguised as updates. The situation illustrates the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies. What is more shocking is the way Adobe reacted.

How did they react?

Adobe first reported the data breach of approximately 3 million customers however this number was then raised to 38 million. The situation then took a turn for the worse when an outside company found the data of 152 million Adobe customers on a site frequented by cyber-criminals.

While Abobe may have needed privacy and secrecy with a breach of this size, responses through snail mail and email were slow. Emails sent to customers warned that data might, or might not, have been compromised and many customers received no communication at all. Even now, three months later, there is no notice of the incident on any of Adobe’s login pages.

Shocking statements emerged such as “Much of what we’re learning about the breach has come from independent researchers not affiliated with Adobe.”

It’s possible that Adobe has limited knowledge about what happened, but the silence after this attack was somewhat shocking to many users and should have been handled with more care by Adobe.

About the Author

Piyush Bhatnagar

Piyush is the Chief Technology Officer and Founder at Authomate. Piyush founded the company in 2012 to simplify online security and bring strong authentication to every aspect of life without any added complexity. His responsibilities as CTO include leading innovation, developing product vision and product development.

Piyush is a seasoned technology executive, entrepreneur and consultant with experience in technology development and management. During his 25 year career prior to starting Authomate, he worked for defense, information technology, and network security companies, where he built an extensive resume managing global software teams and executing product strategy.

View all posts by Piyush Bhatnagar

Leave a Reply