Adobe pays US$1.2M plus settlements to end 2013 breach class action

Popped Photoshop factory happy to see court case end.


Adobe has paid an undisclosed amount to settle customer claims and faces US$1.2 million in legal fees after its 2013 data breach, which compromised the details of 38 million users.

The creative content king was served with a class action lawsuit, filed in California in November 2013, which claimed that "shoddy" security practices led to the breach.

The breach occurred when hackers raided a backup server on which they found, and subsequently published, a 3.8GB file containing 152 million usernames and poorly-encrypted passwords, plus customers' credit card numbers.

Adobe initially reported the breach as affecting three million users and later increased that figure to 38 million.

The company knew its security practices at the time were poor since it used the same encryption key for all passwords.

It had not deployed a new encryption system nor decommissioned the old backup server by the time of the breach.

US District Judge Lucy Koh rejected Adobe's request to dismiss the action because the impact to users was "very real" despite the plaintiff's inability to prove Adobe failed to inform them of the breach fast enough.

Court documents [PDF] [PDF] published by CourtHouseNews, a news service for legal eagles, show Adobe will pay US$1.18 million in attorney fees and expenses covering some 2540 hours of work.

Judge Koh granted a voluntary dismissal of class action claims after Adobe and plaintiffs agreed on an undisclosed settlement.

An Adobe spokesperson told the publication it is "pleased" to have the case resolved. ®
