Skip to content ↓ | Skip to navigation ↓

Adobe Systems has been ordered to pay a fine of $1 million as a result of a data breach that exposed the personal information of millions of users back in 2013.

According to reports, the fine will be payable to 15 U.S. states that investigated the computer software company over the breach.

“Under a multistate agreement today, Adobe will pay $1 million to North Carolina and 14 other states and implement new policies and practices to prevent similar breaches,” read a press release issued by North Carolina’s Department of Justice.

In September 2013, an attacker gained access to one of Adobe’s servers, stealing encrypted payment card numbers; expiration dates; names; addresses; telephone numbers; emails; and usernames; as well as other data.

At the time, Adobe notified more than 3 million users whose credit card data was stolen and an additional 33 million whose credentials were compromised.

In North Carolina alone, Attorney General Roy Cooper said more than 50,000 residents were affected by the breach.

The participating states said the fine penalized the company for not adopting reasonable security measures to protect its systems from an attacker or having proper measures in place to immediately detect the attack, the press release noted.

Other states in the settlement included: Arkansas, Connecticut, Illinois, Indiana, Kentucky, Maryland, Massachusetts, Missouri, Mississippi, Ohio, Oregon, Pennsylvania and Vermont.

“Consumers who entrust a company with their personal data should have that trust respected,” said Massachusetts Attorney General Maura Healey in a statement.

“Adobe put consumers’ personal data at risk of being compromised by a data breach, and that is unacceptable. This settlement will put in place important new practices to ensure that breach like this does not happen again,” added Healey.