Adobe has been fined $1m (£800,000) in the US for the 2013 data breach which exposed the personal information of 500,000 of its customers, after 38 million usernames, passwords and encrypted credit card details were stolen and leaked online.
The move has sparked some suggestions that the firm has got off lightly. If the breach had affected EU customers, under the forthcoming General Data Protection Regulation the fine would have been closer to $192m (£154m), based on 4% of its $4.8bn (£3.4bn) global turnover.
Some 15 US states were affected by the breach and agreed that the company both failed to prevent the attack from taking place and that it was not able to detect it in a timely fashion.
The attorney general of North Carolina, Roy Cooper, insisted that companies “must do more” to safeguard sensitive data to prevent it from falling into the hands of cyber criminals that would use it steal consumers’ identities and commit other acts of fraud online.
A press release from the North Carolina Department of Justice explained the terms of the agreement it made with the company, saying: “Under a multistate agreement announced today, Adobe will pay $1 million to North Carolina and 14 other states and implement new policies and practices to prevent future similar breaches.”
Maura Healey, the attorney general of Massachusetts, said: “The settlement resolves an investigation into the 2013 data breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states.
“Consumers who entrust a company with their personal data should have that trust respected. Adobe put consumers’ personal data at risk of being compromised by a data breach, and that is unacceptable. This settlement will put in place important new practices to ensure that a breach like this does not happen again.”
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!