The PCI standards, said all three, are simply a baseline, but they're not enough. "PCI are the bare minimum," said Pingree. "Companies with large numbers of credit cards do need to go beyond where most firms go because it's always a big deal when a couple million credit cards go wild."
Even if the hit is mostly from negative publicity, said Wisnieswki.
Wall Street, however, essentially yawned: While Adobe's stock price dropped 1.4 percent last Thursday, on Friday it rebounded, closing to two cents under Thursday's opening price.
But Pescatore is not a Wall Street analyst, and had harsher words for Adobe and other companies that, while they admitted breaches, said virtually nothing of what they would do to make sure it didn't happen again.
"We will work aggressively to prevent these types of events from occurring in the future," said Adobe in a Thursday blog post.
"I think we're beyond the point where these disclosures are valuable," said Pescatore. "Companies need to tell us why the breach happened and why it's not going to happen again. When a hamburger joint says rat meat was found in a customer's burger, it's not enough to just tell all the customers, 'Hey, we found rat meat.' What you want to hear is why it won't be in your burger if you go there again.
"[The Adobe hack] is like thieves breaking into a rat-burger company and stealing the personal information of everyone who bought the rat-burgers," Pescatore concluded.
Unappetizing. But then, so is the prospect of pouring over credit card statements and changing who knows how many account credentials.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about security in Computerworld's Security Topic Center.