Attorney General Beemer announces $1 million settlement with major software company

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

HARRISBURG — Attorney General Bruce R. Beemer today announced a $1 million multistate settlement with Adobe Systems, Inc. to resolve allegations that the company placed its customers’ personal information at risk by failing to use reasonable security measures to protect its servers.
The settlement, which was joined by 14 other states, will result in a payment of more than $83,000 to Pennsylvania. The bulk of that money will go to the Commonwealth’s general fund.
The settlement also requires Adobe to biannually review its existing security policies and procedures and amend them as necessary to protect the personal information of its customers. Additionally, Adobe will perform risk assessments, conduct penetration testing, maintain a process that will create alerts if its exfiltration reporting sources are not working normally and implement other forms of internal security features.
The Office of Attorney General’s Bureau of Consumer Protection was part of an investigation that revealed 2.9 million Adobe customers nationwide were affected when a hacker accessed an Adobe network that contained customer data. Of those customers, tens of thousands of Pennsylvanians were affected statewide, the Attorney General’s office determined.
The attacker was able to acquire encrypted payment card numbers and expiration dates, names, addresses, telephone numbers, email addresses and usernames. However, it does not appear the attacker was able to decrypt the personal information found on the servers.
The settlement alleged that Adobe did not use reasonable security measures to protect its systems from an attack or have proper measures in place to immediately detect an attack. Also, it was alleged that Adobe’s conduct contradicted its representations to consumers that it would take reasonable steps to protect personal information.
This settlement, reached in the form of an assurance of voluntary compliance, was filed in Commonwealth Court by Deputy Attorney General Nicole DiTomo of the Attorney General’s Bureau of Consumer Protection.
The other states to participate in this investigation and join the settlement are Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon and Vermont.
Consumers with questions about this settlement may contact the Bureau of Consumer Protection by phone at 800-441-2555 or by email at consumers@attorneygeneral.gov.
SOURCE: PA Attorney General Press Office