U.S. Authorities Reach Settlement With Adobe Over 2013 Breach

Attorneys general in over a dozen U.S. states announced on Thursday that they reached a $1 million settlement with Adobe Systems over the massive data breach suffered by the company in 2013.

Authorities in 15 states accused Adobe of failing to employ reasonable measures to protect customers’ personal information and promptly detect malicious activity within its network. As part of the settlement, the software giant has agreed to implement new policies and practices in an effort to prevent similar breaches in the future.

The measures that Adobe must take include effectively segregating payment card data from public-facing servers, using tokenization in payment processing, performing ongoing risk assessments and penetration testing, and providing security training to employees.

The $1 million will be paid by Adobe to attorneys general as designated by the Connecticut Attorney General’s Office, which led the investigation into the data breach.

Connecticut AG George Jepsen announced that his state will get $135,095.71, of which $25,000 will go to the Department of Consumer Protection’s consumer privacy protection guaranty and enforcement account, and the rest to the state’s General Fund.

The other states involved in the investigation are Arkansas, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania and Vermont.

Adobe realized that its systems had been breached in September 2013, when it noticed that the hard drive of one of its application servers was nearly full. An investigation revealed that unauthorized parties had been trying to decrypt encrypted customer payment card numbers.

Adobe confirmed at the time that the attackers managed to steal user information and source code, but claimed there was no evidence that any unencrypted payment card numbers were exfiltrated. The breach was believed to affect 38 million Adobe customers, and some reported that more than 150 million records were compromised.

In 2015, the company settled a class action and agreed to pay an undisclosed amount to users and roughly $1.2 million in legal fees.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
