Adobe Data Breach Class Action

On October 4, 2013, Adobe Systems, Inc. announced a data breach which affected an estimated 150 million accounts.

The company had been the target of a cyber-attack during July and August, 2013, in which customer information and source code for some of its products were compromised. The stolen customer information included user names, passwords, credit or debit card numbers and expiration dates.

A class action lawsuit was filed on behalf of consumers impacted by the Adobe data breach on November 11, 2013. The Plaintiffs asserted that Adobe did not meet industry standards to protect customer data. Plaintiffs in the case requested that Adobe increase its data security practices, and provide restitution for purchasers of Adobe’s Cold Fusion products and Creative Cloud services.

Eric Gibbs Appointed Lead Counsel in Adobe Litigation

On March 13, 2014, Gibbs Law Group Founding Partner Eric Gibbs was appointed as lead counsel by U.S. District Judge Lucy H. Koh. Adobe filed a motion to dismiss this case on May 21, 2014.

Judge Koh Denies Adobe’s Motion to Dismiss the Class Action Complaint

On September 4, 2014, Judge Koh mostly denied Adobe’s motion to dismiss a consolidated class action complaint alleging Adobe violated California law and its own privacy policies by failing to protect and safeguard users’ private information. Judge Koh’s ruling is significant because many other data breach cases have been dismissed outright, but now the Adobe Plaintiffs can continue pursuing their claims and will request that the Court will certify the case as a class action.

Judge Koh Grants Plaintiffs’ Request for Voluntary Dismissal Pursuant to Settlement

On August 13, 2015, Judge Koh granted plaintiffs’ request to voluntarily dismiss their claims, pursuant to a settlement agreement between the parties. The settlement requires Adobe to implement robust intrusion detection, network segmentation, and encryption measures within a year of the settlement being approved. These security controls will improve Adobe’s ability to protect Plaintiffs’ and the putative class members’ private information. The settlement agreement also requires Adobe to submit to an independent security audit to be conducted within one year after the case is dismissed.