Adobe Systems, Inc. will pay $1 million for a 2013 data breach that may have compromised personal information for half a million consumers including more than 50,000 North Carolinians, Attorney General Roy Cooper said Thursday.
“Criminals and hackers are after our personal financial data and businesses and government must do more to protect it,” Cooper said. “If a data breach may have put your information at risk, act fast to protect it.”
Under a multistate agreement announced today, Adobe will pay $1 million to North Carolina and 14 other states and implement new policies and practices to prevent future similar breaches. North Carolina’s share of the settlement comes to $71,186.75.
The settlement resolves an investigation into the 2013 data breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states. A total of 52,734 North Carolina consumers were affected.
In September 2013, Adobe learned of an attempt to steal customer payment card numbers maintained on one of its servers. The attacker ultimately stole encrypted payment card numbers and expiration dates, names, addresses, telephone numbers, e-mail addresses, and usernames as well as other data.
North Carolina and the other participating states alleged that Adobe did not use reasonable security measures to protect its systems from an attack or have proper measures in place to immediately detect an attack.
Along with North Carolina, Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, Ohio, Oregon, Pennsylvania and Vermont participated in the investigation and settlement.
Under a state law pushed by Cooper, businesses and state and government agencies are required to notify consumers if their personal financial information may have been compromised by a security breach. They must also report such breaches to the Attorney General’s Office.
More than 3,700 breaches impacting nearly 10 million North Carolinians have been reported since the law took effect in 2005, including 677 breaches reported so far in 2016.
Visit ncdoj.gov for a list of steps consumers can take if they receive notice of a security breach involving their personal financial information.