November 15, 2016

Resolving a multistate investigation into a 2013 data breach that involved the personal information of more than 50,000 Massachusetts residents, software company Adobe Systems, Inc. (Adobe) has agreed to pay $1 million and implement new policies and practices to prevent future breaches. An investigation by the states revealed that in September 2013, Adobe received an alert that the hard drive for one of its application servers was nearing capacity. In responding to the alert, Adobe learned that an unauthorized attempt was being made to decrypt customer payment card numbers maintained on the server. The states allege that the nature of the attack was foreseeable and that contrary to Adobe’s representations to its customers, it did not take reasonable steps to protect consumers’ personal information, or to promptly detect the attack and prevent the theft of consumers’ data. The states allege that the data breach of certain Adobe servers included those containing the personal information of approximately 534,000 residents of the participating states, including approximately 53,000 Massachusetts residents. MA, OH, IL

Tagged in: Cybersecurity and Data Breaches, Misrepresentations,