Judge Keeps Most of Adobe Data Breach Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

A federal judge has kept most of the claims in an Adobe data breach class action lawsuit and even allowed several plaintiffs to remedy the ones she nixed in a blow to the tech giant following a 2013 hacking attack that resulted in the release of thousands of credit card numbers and other personal identifying information.

The plaintiffs alleged that the company moved most of its services to the Creative Cloud, a suite of multimedia editing and creation services that users connect to through the internet, rather than install on their computers. As a result, Adobe keeps credit card information on its servers to verify that payments are made on a monthly or annual basis. However, as U.S. District Judge Lucy Koh noted in her order denying the motions to dismiss the Adobe data breach class action lawsuit, “the hackers spend several weeks inside Adobe’s network without being detected” and spent months downloading source code and credit card numbers among other information.

In fact, the tech giant’s Oct. 3, 2013 disclosure wouldn’t have even come about until “independent security researchers discovered stolen Adobe source code on the internet.” As a result, Judge Koh agreed with the plaintiffs that it was plausible that they were “immediately in danger of sustaining some direct injury as the result of the challenged conduct,” in this case violations of the Computer Records Act. She found it unconvincing that a court had recently decided against plaintiffs suing Director of National Intelligence James Clapper about the NSA wiretapping program.

Those plaintiffs had failed to identify a clear threat because, as human rights organizations and attorneys, their claims rested on a “highly attenuated” and “highly speculative” chain of events. The actions of the hackers in deciphering the credit card numbers over the course of several weeks “constitutes a cognizable injury-in-fact” as was the purchase by some plaintiffs of credit monitoring software in order to protect their identities.

One area where the class action lawyers will need to re-focus their claims is regarding the time it took for Adobe to disclose the data breach. While it took the company weeks to find out about it, Judge Koh was not fully persuaded that it had not acted diligently once it was aware of the problem that the period between when the company found out and when it disclosed would have increased the likelihood of identity theft.

The plaintiffs are represented by class action lawyers Eric H. Gibbs, Matthew B. George and Caitlyn D. Finley of Girard Gibbs LLP.

The Adobe Data Breach Class Action Lawsuit is In re: Adobe Systems Inc. Privacy Litigation, Case No. 13-cv-05226, in the U.S. District Court for the Northern District of California.

UPDATE: According to court documents filed on April 22, 2015, the parties are nearing a settlement for the Adobe data breach class action lawsuit.

UPDATE 2: On June 2, 2015, the plaintiffs asked a judge to approve the Adobe data breach class action settlement.