Connecticut, other states, reach $1 million settlement with Adobe Systems

HARTFORD, Conn. (WTNH) – Connecticut Attorney General George Jepsen joined 14 other state attorneys general today in announcing a $1 million data breach settlement with the software and technology company Adobe Systems, Inc.   The settlement resolves an investigation into the 2013 breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states.

Connecticut was the lead state in the investigation of the unauthorized server access. The states alleged that Adobe did not use reasonable security measures to protect its systems from an attack or have proper measures in place to immediately detect an attack. The agreement resolves consumer protection and privacy claims against the company and requires Adobe to implement new policies and practices to prevent future similar breaches.

The state’s overall share of this settlement is $135,095.71. Of that, $25,000 will go to the Department of Consumer Protection’s consumer privacy protection guaranty and enforcement account and the remaining amount will go to the state’s General Fund.

“Consumers should have a reasonable expectation that their personal and financial information is properly safeguarded from unauthorized access,” said Attorney General Jepsen. “Adobe worked in good faith with my office and the states affected by this incident to better protect consumer information going forward, and for that it deserves some credit.  My office will continue to be diligent in protecting Connecticut consumers by strictly enforcing our privacy laws.”

In September 2013, Adobe received an alert that the hard drive for one of its application servers was nearing capacity.  In responding to the alert, Adobe learned that an unauthorized attempt was being made to decrypt encrypted customer payment card numbers maintained on the server.

Adobe stopped the decryption process, disconnected the server from the network, and found the attacker had compromised a public-facing Web server and used it to access other servers on Adobe’s network. The attacker ultimately stole encrypted payment card numbers and expiration dates, names, addresses, telephone numbers, e-mail addresses, and usernames as well as other data.

Joining Connecticut in the agreement are Arkansas, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania and Vermont.

Assistant Attorney General Michele Lucan of the Privacy and Data Security Department, and Assistant Attorney General Matthew Fitzsimmons, head of the Department, assisted the Attorney General with this matter.


WTNH NEWS8 provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Also, you can now block any inappropriate user by simple selecting the drop down menu on the right of any comment and selection "Block User" from there.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s