Adobe's US$1m fine for data breach

Adobe must pay a fine of US$1 million following a 2013 data breach that put 500,000-plus consumers’ card numbers and other information at risk.

Under the multistate agreement, the money will be split among 15 US states.

Adobe must also implement new policies and practices to prevent future similar breaches.

The settlement resolves an investigation into the 2013 data breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states.

In September 2013, Adobe learned of an attempt to steal customer payment card numbers maintained on one of its servers.

The attacker ultimately stole encrypted payment card numbers and expiration dates, names, addresses, telephone numbers, email addresses and usernames as well as other data.

The participating states alleged that Adobe did not use reasonable security measures to protect its systems from an attack or have proper measures in place to immediately detect an attack.

“Criminals and hackers are after our personal financial data, and businesses and government must do more to protect it,” said North Carolina Attorney General Roy Cooper. “If a data breach may have put your information at risk, act fast to protect it.”