Adobe has been fined just $1 million for its massive 2013 hack that compromised the information of some 38 million users.
The money will be paid out to around 500,000 people in 15 states as part of the “multistate agreement” reached with Adobe. The 15 states that participated in the investigation and agreement were: Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Minnesota, Mississippi, North Carolina, Ohio, Oregon, Pennsylvania, and Vermont.
“The settlement resolves an investigation into the 2013 data breach of certain Adobe servers, including servers containing the personal information of approximately 552,000 residents of the participating states,” said the North Carolina attorney general’s office in its announcement.
The attackers behind the hack in 2013 managed to compromise Adobe’s server and stole encrypted customer data, which included payment card details, names, email addresses, and usernames.
As part of the agreement and fine, Adobe was ordered to no longer store payment data on public-facing servers and it must put new security training practices in place for employees. These policies will have to be reviewed twice a year.
The 15-state investigation claimed Adobe’s data breach was “foreseeable” and it failed to take the necessary steps to protect customers, according to Massachusetts Attorney General Maura Healey. “Adobe put consumers’ personal data at risk of being compromised by a data breach, and that is unacceptable. This settlement will put in place important new practices to ensure that a breach like this does not happen again,” she said in a statement.
Despite these hefty indictments against Adobe, the fine of $1 million may ring a little hollow for some users. Adobe had previously settled a similar case in California where it settled for an undisclosed amount and $1.1 million in legal fees.
North Carolina Attorney General Roy Cooper said that “businesses and government must do more to protect [customer data].” Large fines have been seen as a deterrent for some companies but $1 million will not make much of a dent in Adobe’s bottom line.
On the other hand, in the European Union, the General Data Protection Resolution (GDPR) will be coming into effect in 2018. If Adobe suffered a breach like this with Europeans’ data, it would be facing a fine of up to four percent of its annual global turnover. Last we checked, Adobe’s previous quarterly earnings were $1.4 billion.