Ashley Madison site to pay gov $1.6M after data breach
Toronto — The Toronto-based parent company of the adultery dating site Ashley Madison will pay $1.6 million in settlements following an investigation led by the U.S. Federal Trade Commission into a massive breach of the company’s computer systems and the outing of millions of its members.
Hackers breached the company’s systems in July 2015 and then posted the information online a month later after the company didn’t comply with their demands to shut down Ashley Madison. New York Attorney General Eric Schneiderman said Wednesday that reckless disregard for data security won’t be tolerated.
The investigation found lax data security practices and says the company made several misrepresentations, including a “Trusted Security Award” that appears to have been fabricated.
It also found Ashley Madison created fake female profiles to entice male users. In some instances, the attorney general said, it used portions of the profile photographs of actual users who had not had account activity within the previous year as the photographs in the fake profiles that it created.
The website — whose slogan was “Life is short. Have an affair” — is marketed to people looking for extramarital relationships. It once purported to have about 39 million members. Husbands and wives across the world were confronted with their partners’ extramarital affairs after the catastrophic leak spewed electronic evidence of infidelity across the Internet. The hacking triggered extortion crimes and led to unconfirmed reports of suicides.
Forums such as Reddit — the user-powered news and discussion site — carried stories of anguished husbands and wives confronting their partners after finding their data among the massive dump of information.
The New York attorney general’s office said the settlement with the company is for $17.5 million but said remainder of the $17.5 million payment is suspended based on ruby Corp.’s inability to pay.
In addition to monetary penalties, the attorney general’s office said ruby Corp. agreed to cease engaging in certain deceptive practices, to not create fake profiles, and to implement a stronger data security program.
“Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity,” Rob Segal, newly appointed CEO of ruby, said in a statement.