ATTORNEY GENERAL MADIGAN ANNOUNCES $1 MILLION SETTLEMENT WITH ADOBE
Illinois & 14 States Settle Over Data Breach That Exposed Consumers’ Personal Information
Chicago — Attorney General Lisa Madigan today announced a $1 million multistate settlement with the software company Adobe Systems Inc. (Adobe) for jeopardizing the personal information of thousands of consumers during a data breach.
Madigan and 14 state attorneys general launched an investigation following the 2013 data breach, which exposed the personal information of approximately 552,000 consumers in those states, including more than 76,000 people in Illinois who had purchased Adobe products. Madigan and the attorneys general found that Adobe did not use reasonable security measures to protect its systems from an attack and did not have measures in place to immediately detect an attack.
“Companies have a responsibility to consumers to protect their personal information, and this settlement will ensure Adobe establishes stronger safeguards in the future,” Madigan said.
Madigan joined attorneys general from the following states in reaching the settlement: Arkansas, Connecticut, Indiana, Kentucky, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, North Carolina, Ohio, Oregon, Pennsylvania and Vermont. The agreement resolves consumer protection and privacy claims against the company, and requires Adobe to implement new policies and practices to prevent future similar breaches. Illinois will receive over $93,000 under the settlement.
The states’ investigation revealed that in September 2013, Adobe was alerted that a hard drive for one of its application servers was nearing capacity. In responding to the alert, Adobe found that an unauthorized attempt was being made to access encrypted customer payment card numbers maintained on the server. After ending the decryption process and disconnecting the server from the network, Adobe found the unauthorized party had used one server to gain access to other servers on Adobe’s network. As a result, the attacker was able to steal encrypted consumer payment card numbers and expiration dates, names, addresses, telephone numbers, email addresses and usernames, as well as other personal consumer data.
In response to the hack, Adobe notified impacted consumers and automatically reset passwords for consumers whose information was accessed. Adobe also offered consumers who were affected one year of free credit monitoring and encouraged consumers to change passwords used for other websites. Additionally, Adobe took steps to improve security in an effort to prevent future attacks.
Assistant Attorneys General Yangsu Kim and Matthew Van Hise handled the case for Madigan’s Consumer Fraud Bureau.