William Dotinga reports:
Adobe will face the bulk of a class action stemming from “shoddy security protocols” that led to a massive data breach, a federal judge ruled Thursday.
After hackers stole the credit card and log-in data of 38 million people from Adobe’s systems last year, consumers behind the sprawling consolidated action faulted Adobe for ignoring industry experts – and its own history of data breaches.
Unlike other cases where plaintiffs could not prove “impending” harm, the plaintiffs seem to have managed to convince Judge Koh on that point. Dotinga reports:
“There is no need to speculate as to whether the hackers intend to misuse the personal information stolen in the 2013 data breach or whether they will be able to do so,” Koh wrote in the 41-page opinion. “Not only did the hackers deliberately target Adobe’s servers, but plaintiffs allege that the hackers used Adobe’s own systems to decrypt customer credit card numbers. Some of the stolen data has already surfaced on the Internet, and other hackers have allegedly misused it to discover vulnerabilities in Adobe’s products. Given this, the danger that plaintiffs’ stolen data will be subject to misuse can plausibly be described as ‘certainly impending.’ Indeed, the threatened injury here could be more imminent only if plaintiffs could allege that their stolen personal information had already been misused. However, to require plaintiffs to wait until they actually suffer identity theft or credit card fraud in order to have standing would run counter to the well-established principle that harm need not have already occurred or be ‘literally certain’ in order to constitute injury-in-fact.”
Read more on Courthouse News.