Adobe Systems, Inc. is one of the latest to face a class action lawsuit related to a wide-scale data breach. Hackers reportedly gained access to sensitive customer information for users of Adobe’s popular software programs, such as Photoshop and InDesign. The stolen data included personal information, passwords, and credit card numbers.
The class-action suit, filed in California, alleges that Adobe failed to take the proper steps to prevent such an attack. Adobe’s “substandard security practices and on-going security problems” resulted in customers being “vulnerable to attack, theft and misuse” of their personal information, the complaint maintains. It alleges breach of contract claims and violations of California’s data protection laws.
According to the data breach lawsuit, hackers were able to access a backup storage system with weak encryption protection. Adobe initially warned that the breach impacted approximately three million current and past customers, but now estimates that the data of 150 million users may have been compromised.
While Adobe reportedly waited two weeks before alerting users about the data breach, others were more proactive in preventing subsequent security lapses. Facebook Inc., although not directly impacted by the breach, locked some users out of their accounts after determining that they used the same login credentials with Adobe. The users were required to verify their identity and change their passwords.
When it comes to a data security breach, the best defense is a good, planned offense. Failing to have proper protections in place, including rapid response protocols, will not only hurt your company’s reputation, but also may impact your bottom line.
If you have any questions about this cyber security case or would like to discuss the legal issues involved, please contact me, Fernando M. Pinguelo, or the Scarinci Hollenbeck attorney with whom you work.