Hackers were able to break into servers operated by Adobe Systems and get access to the personal information of nearly three million consumers in 2013.
Now, the software company has reached a settlement with 15 states that brought actions on behalf of residents. The states claimed that Adobe did not take “reasonable security measures” to protect the data. It was similar to the charges leveled by other large companies that suffered data breaches in the past.
The settlement requires Adobe to pay $1 million, to be divided among the 15 states. It also requires the company to adopt stronger security protocols, if it has not already done so.
"Consumers should have a reasonable expectation that their personal and financial information is properly safeguarded from unauthorized access," said Connecticut Attorney General George Jepsen.
Jepson praised Adobe for working in good faith with the states bringing the action and for that, he says, it deserves credit.
“Companies have a responsibility to consumers to protect their personal information, and this settlement will ensure Adobe establishes stronger safeguards in the future,” said Illinois Attorney General Lisa Madigan.
How the breach occured
In September 2013, Adobe learned the hard drive for one of its application servers was closing in on its capacity. After getting an alert, Adobe learned that an unauthorized attempt was being made to crack encrypted customer payment card numbers residing on the server.
Adobe was able to stop the decryption process and disconnected the server from the network. However, it found the attacker had compromised a public-facing Web server and used it to access other servers on Adobe’s network. In the end, the hacker was able to make off with encrypted payment card numbers and expiration dates, names, addresses, telephone numbers, e-mail addresses, and usernames, as well as other data.
“This case is yet another example of the importance of protecting your personal and financial information,” said Indiana Attorney General Greg Zoeller. “I continue to be an advocate for Indiana’s credit freeze protections and encourage all Hoosiers to place credit freezes with the major credit bureaus.”
States participating in the settlement include Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania, and Vermont.