Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

U.S. Authorities Reach Settlement With Adobe Over 2013 Breach

Attorneys general in over a dozen U.S. states announced on Thursday that they reached a $1 million settlement with Adobe Systems over the massive data breach suffered by the company in 2013.

Attorneys general in over a dozen U.S. states announced on Thursday that they reached a $1 million settlement with Adobe Systems over the massive data breach suffered by the company in 2013.

Authorities in 15 states accused Adobe of failing to employ reasonable measures to protect customers’ personal information and promptly detect malicious activity within its network. As part of the settlement, the software giant has agreed to implement new policies and practices in an effort to prevent similar breaches in the future.

The measures that Adobe must take include effectively segregating payment card data from public-facing servers, using tokenization in payment processing, performing ongoing risk assessments and penetration testing, and providing security training to employees.

The $1 million will be paid by Adobe to attorneys general as designated by the Connecticut Attorney General’s Office, which led the investigation into the data breach.

Connecticut AG George Jepsen announced that his state will get $135,095.71, of which $25,000 will go to the Department of Consumer Protection’s consumer privacy protection guaranty and enforcement account, and the rest to the state’s General Fund.

The other states involved in the investigation are Arkansas, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania and Vermont.

Adobe realized that its systems were breached in September 2013, when it noticed that one of its application servers’ hard drive was nearly full. An investigation revealed that unauthorized parties had been trying to decrypt encrypted customer payment card numbers.

Adobe confirmed at the time that the attackers managed to steal user information and source code, but claimed there was no evidence that any unencrypted payment card numbers were exfiltrated. The breach was believed to affect 38 million Adobe customers and some reported that more than 150 million records were compromised.

Advertisement. Scroll to continue reading.

In 2015, the company settled a class action and agreed to pay an undisclosed amount to users and roughly $1.2 million in legal fees.

Related: Adobe Breached Privacy Act, Says Australian Information Commissioner

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.