From the it-was-inevitable-department:
A customer in California has filed a potential class action lawsuit against Adobe Systems in federal court for the Northern District of California. It appears to be the first one filed, although I’m pretty sure it won’t be the last. In any event, it’s worth a blog post at least.
I know, I know…. we’ve seen so many lawsuits that get dismissed because plaintiffs can’t prove unreimbursed financial harm, right? But this Adobe lawsuit has a few aspects to it that make it worth noting:
1. Adobe didn’t just assure customers of “reasonable” security. It bragged – in several places – about using “best practices” and “industry-leading” methods. So they raised the bar on consumers’ expectations for security.
2. The plaintiff in this case, Christina Halpain, is a graphics designer whose credit card info had to remain on file with Adobe for a subscription service. Indeed, she alleges she cannot even cancel her subscription without having to pay a monetary penalty under the terms of the subscription contract.
3. The plaintiff designs and maintains web sites for others. Because the breach also involved Adobe source code, she had to notify her clients that their sites were now more vulnerable to attack, and she incurred additional work and responsibilities because Adobe allegedly did not adequately secure their own source code.
4. The complaint also notes that Adobe should have known it was susceptible to hacks as it had had numerous previous breaches, which are all listed in the complaint.
The complaint was filed Monday, and Adobe has not yet responded to it. I will be following the case, so expect more posts on this lawsuit in the future.
For now, I’ve uploaded the complaint, here (pdf, 22 pp, 3.95MB). See what you think.