Adobe was ordered to pay $1 million on Monday to settle a lawsuit over a 2013 data breach that impacted about 38 million people, according to KrebsonSecurity.
The lawsuit was filed by 15 state attorneys’ general. According to KrebsonSecurity, the $1 million settlement works out to about $1.80 per victim across the 15 states.
Hackers involved in the breach stole usernames, passwords and payment card data. They also stole some source code for Adobe Acrobat and Reader, Photoshop and ColdFusion.
As security breaches become more frequent, it’s important that businesses do as much as they can to protect customer data. But the Adobe settlement was very small, so it does little to motivate other companies to bolster their security to ensure they are better protected. Whether it is state or federal law, many are pushing for businesses to be held accountable for cybersecurity failures.
Some security experts have suggested that fines associated with breaches should correlate to the number of customers impacted.
The FTC has also been working to get businesses to do more to protect consumers from cyber threats. FTC Chair Edith Ramirez recently put companies on notice that the agency expects them to play a role in protecting their customers. The FTC has sued several private-sector companies, including LabMD and Wyndham Hotels, for allegedly failing to protect consumer data because of lacking cybersecurity practices.