OAIC plays global role against Adobe

PSnewsonline Edition Number 460, Updated Tuesday, 16 June, 2015

The Office of the Australian Information Commissioner (OAIC) has joined an international investigation of Adobe Systems following a cyber-attack that affected at least 38 million Adobe customers globally, including more than 1.7 million Australians.

According to Australian Privacy Commissioner, Timothy Pilgrim, Adobe Systems Software Ireland Pty Ltd (Adobe) breached the Privacy Act 1988.

The Commissioner’s own motion investigation found that Adobe failed to take reasonable steps to protect all of the personal information it held.

 

Breaches of the Privacy Act uncovered

“The Privacy Act does not require an organisation to design impenetrable systems, however, this case demonstrates the importance of organisations applying sufficiently robust security measures consistently across systems,” Mr Pilgrim said.

He said the personal information compromised in the attack had been held on a backup system that was designated to be decommissioned. The compromised information included email addresses, encrypted passwords, plain text password hints, encrypted payment card numbers and payment card expiration dates.

Recognising the global nature of this incident, the Commissioner’s investigation was conducted in cooperation with the Data Protection Commissioner of Ireland and the Office of the Privacy Commissioner of Canada.

Mr Pilgrim said the investigation found that the type of encryption that Adobe used for the customer passwords stored in its backup system, together with password hints stored in plain text, allowed security experts to identify the most common passwords and the customer accounts associated with those passwords.

“I am satisfied that the measures that Adobe took in response to the data breach will assist it to significantly strengthen its privacy framework and meet its obligations under the Privacy Act,” Mr Pilgrim said.

He has asked Adobe to engage an independent auditor to certify that it has implemented the planned remediation, and to provide OAIC with a copy of the certification and auditor report by 30 June.

The full OAIC report (10 pages long) can be accessed at this PS News link: http://www.oaic.gov.au/images/documents/privacy/applying-privacy-law/privacy-omi-reports/adobe-omi.pdf
