Adobe has now settled claims for its 2013 data breach in which 38 million users had been affected. On August 13, 2015, it was reported that they have paid an undisclosed sum to users and faced $1.1 million in legal fees. The breach was first confirmed back in October 2013 when Adobe had been the victim of a long-term network breach that exposed consumer data, including passwords and credit card information, as well as the source code for some of its leading products.
The initial report indicated that as many as three million adobe customers had been affected, however, after further investigation that number rose to 38 million active users. At the time, Adobe was honest and knew its security practices weren’t good enough, as it used the same encryption key for all passwords. Furthermore, it had not installed a new encryption system, nor withdrew the old backup server by the time of the breach. In September 2014, U.S. District Judge Lucy Koh rejected Adobe's request to dismiss the action, which included claims for violating the Customer Records Act, declaratory relief and unfair business practices. Judge Koh, who agreed that users could not show the company failed to notify them of the breach in a reasonable amount of time, found users' costs of dealing with the data breach and the threat of future harm very real.
"Given this, the danger that plaintiffs' stolen data will be subject to misuse can plausibly be described as 'certainly impending.' Indeed, the threatened injury here could be more imminent only if plaintiffs could allege that their stolen personal information had already been misused. However, to require plaintiffs to wait until they actually suffer identity theft or credit card fraud in order to have standing would run counter to the well-established principle that harm need not have already occurred or be 'literally certain' in order to constitute injury-in-fact."
Now, nearly a year later, Judge Koh granted a voluntary dismissal of the claims per an undisclosed settlement between the parties. According to CourtHouseNews, Adobe will pay $1.1 million in attorneys' fees and expenses. Class counsel worked an estimated 2,539 hours on the litigation, according to the ruling. An Adobe representative said the company is "pleased to have this matter resolved."
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
