Adobe Data Breach
Adobe Systems is planning to settle the class action lawsuit filed against them. The company reportedly suffered a series of data breaches in October 2013. The breaches affected an estimated 38 million customer accounts, resulting in the theft of 3 million credit and debit card records in addition to the login information of a large number of Adobe users.
In February 2015 Adobe agreed to settle the lawsuit in return for all related claims being dismissed. The court initially gave the parties until April 30 to submit a preliminary settlement agreement but has since pushed that date back. After requesting more time to create the settlement agreement, the court extended the deadline to June 10.
Reasons for Settlement
Adobe’s decision to settle was probably influenced by the recent Target data breach settlement agreement. In March 2015 the court approved Target’s proposed settlement agreement of $10 million. Target must also pay $6.75 million in court costs on top of the $162 million they have already spent because of the breach. This may seem like a high price for the company to pay, but it could have been even higher if there was no settlement. Target’s expenses could have kept increasing as the lawsuit went on, but by agreeing to settle the company effectively cutting their losses. Adobe faces a similar situation. If the parties can’t produce a settlement agreement by June 10, the company faces increasing court costs associated with what is sure to be an uphill battle.
The key difference between the Adobe breach and the Target breach is the nature of the companies. Target is a large retailer of consumer goods but Adobe is a software company whose programs are found on virtually every computer. Adobe faces increased pressure from the public because vulnerability in Adobe software means vulnerability in millions of personal computers containing private data. Hackers have exploited these vulnerabilities in the software before and the plaintiffs allege that Adobe misrepresented the company’s security precautions when they made assurances to customers. All these factors, rising costs, public scrutiny, and past assurances, contribute to the likelihood that Adobe will settle the case.
The Initial Series of Data Breaches
Adobe disclosed news of the data breach on October 3, 2013. However, the plaintiffs allege that Adobe knew of the breach by September 17, 2013 and chose not to warn customers until two weeks later. Adobe initially reported that 2.9 million customer accounts were compromised but increased that number to 38 million after further investigation. The investigation revealed that hackers had access to Adobe’s networks since July of that year, and went undetected for a number of weeks. Adobe’s chief security officer Brad Arkin said that hackers “compromised the source code for numerous Adobe products.” The affected products include Adobe Acrobat, ColdFusion, and ColdFusion Builder. As part of their corrective measures Adobe has offered a year of prepaid identity theft monitoring services for affected customers.
If you believe your credit or debit card information was stolen because of a data breach, please contact us using the form on this page or call us at 424-245-5505. You may be part of a class action lawsuit.