Adobe Data Breach Suit Dismissed Pursuant to Final Settlement: N.D. Cal. | Practical Law

Adobe Data Breach Suit Dismissed Pursuant to Final Settlement: N.D. Cal. | Practical Law

Adobe has settled In re Adobe Systems Inc. Privacy Litigation, the consolidated class actions that arose out of its 2013 data breach. The settlement calls for Adobe to implement undisclosed security measures to protect customer information and to pay over $1 million for plaintiffs' attorneys fees.

Adobe Data Breach Suit Dismissed Pursuant to Final Settlement: N.D. Cal.

Practical Law Legal Update 6-618-7885 (Approx. 3 pages)

Adobe Data Breach Suit Dismissed Pursuant to Final Settlement: N.D. Cal.

by Practical Law Intellectual Property & Technology
Published on 15 Sep 2015USA (National/Federal)
Adobe has settled In re Adobe Systems Inc. Privacy Litigation, the consolidated class actions that arose out of its 2013 data breach. The settlement calls for Adobe to implement undisclosed security measures to protect customer information and to pay over $1 million for plaintiffs' attorneys fees.
On August 14, 2015, the US District Court for the Northern District of California approved dismissal pursuant to a final settlement in In re Adobe Systems Inc. Privacy Litigation, which arose out of Adobe System Inc.'s 2013 data breach that affected nearly 38 million customer accounts, including the payment card information of nearly three million customers (5:13-cv-05226 (N.D. Cal. Aug. 14, 2015)). The settlement, first announced in April 2015, calls for Adobe to:
  • Implement undisclosed security measures.
  • Submit the results of an independent security audit one year from the date of the final settlement.
  • Pay $5,000 to each of the six plaintiff class representatives.
  • Pay nearly $1.1 million in plaintiffs' attorneys fees.
The plaintiffs' suit alleged that the Adobe breach affected their personal information. As the specific basis for their claims, the plaintiffs alleged that Adobe:
  • Failed to implement reasonable security practices.
  • Misrepresented to customers that it followed industry-leading practices.
  • Did not timely disclose the extent of the breach.
  • Failed to timely offer identity theft and credit monitoring services to affected customers.
Following a common strategy in data breach litigation, Adobe filed a motion to dismiss the plaintiffs' consolidated complaints for failure to allege injury-in-fact sufficient to support Article III standing. However, District Court Judge Lucy Koh denied Adobe's motion in large part in September 2014, finding that the plaintiffs had alleged injuries that were "certainly impending" and sufficient to support standing.