Plaintiffs in an Adobe class action lawsuit brought by representatives of the data subjects whose data was hacked in a data breach incident which Adobe suffered from in 2013, have recently agreed to a settlement in this case.
The settlement noted that the FTC conducted an investigation into whether Adobe engaged in deceptive or unfair acts or practices related to consumer privacy and/or data security in violation of §5 of the FTC Act. The investigation concluded without any enforcement actions being taken.
Under the settlement, Adobe agrees to implement 31 new security measures over the next year to specifically address the issues identified by the case. Although these security measures will not be disclosed to the public, a security expert has analyzed them and determined that they comprise reasonable security measures and conform to industry standards, practices, and guidelines. Adobe will submit to a security audit in order to confirm the implementation of these new measures.
In a recent California lawsuit, Columbia Casualty Company (CNA) sued its policyholder, Cottage Health System (CHS), claiming there was no coverage for the $4.1 million settlement paid by CHS to approximately 51,000 plaintiffs whose private medical information was stolen when a hacker broke into CHS’ data system. CNA had sold a “NetProtect360” insurance policy to CHS, but is claiming that the policy is not entirely “360.” CNA claims that “Failure to Follow Minimum Required Practices” exclusion, precludes coverage on the alleged grounds that CHS failed to follow its own description of its data security system in the insurance application. Additionally, this failure to follow the description renders the description a misrepresentation in the application process and accordingly, all coverage is withdrawn.