San Jose, Calif.-based computer software company Adobe has been ordered to pay $1.1 million in legal fees, as well as an "undisclosed settlement" to users, after a data breach affected 38 million people.

The hack, which resulted in the theft of Adobe IDs, encrypted passwords and credit card information, was first unveiled on Oct. 3, 2013 by security researcher Brian Krebs. Source code for the popular Acrobat program as well as other apps also was stolen.

Citing "shoddy security protocols," the complaint further stated that the intrusion was 13 times larger than the company originally claimed. As well, despite assertions that it provides reasonable security controls to protect users, the lawsuit, filed in Northern California, said the company's security practices are "substandard."

Adobe contended that plaintiffs' charges were without merit as they did not show actual injury. However, U.S. District Judge Lucy Koh found users' costs of responding to the breach and the potential for future damage very real.