A $1m (£802,954, €932,863) fine has been handed out to Adobe Systems for the massive 2013 data breach that saw around 38 million user credentials stolen and leaked online. The fine is payable to the over 500,000 residents of 15 US states affected by the 2013 data breach.
"Under a multistate agreement announced today, Adobe will pay $1 million to North Carolina and 14 other states and implement new policies and practices to prevent future similar breaches," reports cited a North Carolina Department of Justice (DOJ) press release as saying.
"The settlement resolves an investigation into the 2013 data breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states."
According to a report by the Register, Adobe has also promised the 15 US states that it will strengthen security measures to prevent such security incidents from occurring in the future. Local reports said the state of Massachusetts is slated to receive $70,000 from the settlement.
"Consumers who entrust a company with their personal data should have that trust respected," Massachusetts Attorney General Maura Healey said in a statement. "Adobe put consumers' personal data at risk of being compromised by a data breach, and that is unacceptable. This settlement will put in place important new practices to ensure that a breach like this does not happen again."
According to the office of the attorney general of Ohio, the million dollar fine is to penalise Adobe for not adopting, "reasonable security measures to protect its systems and personal information on them from an attack that originated at the public-facing server," IT News reported.
The October 2013 breach saw hackers access the source code of Adobe's Photoshop, Acrobat and Reader applications. An investigation into the security breach also revealed that usernames, passwords and encrypted credit card information of millions of users stolen and leaked online. Authorities allege that the attack was foreseeable and that Adobe failed to take the necessary steps to protect its customers' data.
North Carolina attorney general Roy Cooper said that businesses and governments "must do more" to ensure that sensitive and personal user data remain inaccessible to cybercriminals.
North Carolina and Massachusetts were joined in the multistate agreement by 13 other states: Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Minnesota, Mississippi, Missouri, Ohio, Oregon, Pennsylvania and Vermont.