Massive Adobe Data Breach Leads to Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

A California graphic and website designer is suing Adobe Systems Inc. for failing to safeguard her login credentials and financial information during a massive security breach that affected nearly 38 million active Adobe users.

The class action lawsuit follows Adobe’s announcement on Oct. 3, 2013, that hackers stole approximately 3 million credit and debit card records as well as login data for an undetermined number of Adobe users.

“The massive breach did not come as a surprise to industry experts familiar with Adobe’s security practices who warned that Adobe’s shoddy security protocols and track record of previous breaches made it susceptible to [the] massive hack of the scope and depth that resulted,” the class action lawsuit says.

Plaintiff Christina Halpain is seeking to represent other consumers who used Adobe’s “Creative Cloud” service and were affected by the security breach. Adobe Creative Cloud requires customers to access the company’s products via the Internet through Adobe-run servers. According to Halpain, Adobe misrepresented the company’s security precautions when it told customers it would be able to “ensure the latest security best practices” and that users’ “information is safe whenever you use Adobe products and services.” Sometime in September 2013, hackers had gained access to a trove of customer data.

Adobe was allegedly aware of the data breach by Sept. 17, 2013, but did not warn consumers of the existence of their personal identifying information online via nefarious sources until two weeks later, the class action lawsuit says. Halpain alleges that the pirated data included “customer names, login IDs, passwords, credit and debit card numbers” among other information for nearly 3 million customers worldwide. Later, the company admitted that login and passwords for 38 million users had been accessed.

According to the class action lawsuit, the company has reportedly misrepresented its use of “industry-best practices” in protecting consumer information on numerous occasions. A 2007 bug allowed computer hackers “access to all files on people’s computers” as did a 2011 bug. In 2012, the company’s own servers were accessed by criminals and in 2013, the Adobe Creative Cloud service that Halpain subscribed to had sufficiently weak security protections that it was available on software pirating sites within a day of launch.

As a result of this record and the company’s reliance on a “software-as-a-service” or SAAS system that requires the use of software on non-personal servers, computer security experts cited in the class action lawsuit claim there will be future breaches by computer hackers due to widespread access to source code for various Adobe software products that could include access to financial accounts.

Halpain is seeking damages on behalf of herself and other Adobe Creative Cloud users whose account was compromised during the September 2013 attack on counts of violations of California’s Data Breach and Online Privacy Protection Acts as well as other state statute violations.

The plaintiffs are represented by class action lawyers Eric H. Gibbs, Matthew B. George and Caitlyn D. Finley of Girard Gibbs LLP.

The Adobe Data Breach Class Action Lawsuit is Christina Halpain v. Adobe Systems Inc., Case No. 13-cv-05226, U.S. District Court, Northern District of California.

UPDATE: According to court documents filed on April 22, 2015, the parties are nearing a settlement for the Adobe data breach class action lawsuit.

UPDATE 2: On June 2, 2015, the plaintiffs asked a judge to approve the Adobe data breach class action settlement.