The parent company of the Ashley Madison extra marital affair (now ‘open minded’) dating website has agreed to pay a $1.6 million penalty over its July 2015 data breach that exposed personal and payment details of 36 million of its users.
The Canadian parent company named Ruby agreed to the relatively small penalty in order to settle charges with the US Federal Trade Commission (FTC) and state regulators for failing to protect confidential user information.
The hacking group known as “Impact Team” dumped almost 100 gigabytes of affair specialists Ashley Madison’s user data onto the internet. It was thought that Ashley Madison’s users could take some solace in the fact that at least their passwords were encrypted. Not that there was much solace to go round. After having your login, email, and credit card details, and geographic locations released on Tor, it probably couldn’t have got much worse.
The hackers then posted the information online a month later after the company didn’t comply with their demands to shut down Ashley Madison.
New York Attorney General Eric Schneiderman said Wednesday that reckless disregard for data security will not be tolerated. The investigation, based in New York, was joined by investigators from 12 other states and nations, including the District of Columbia, the FTC and Australia.
Schneiderman said the results of the investigation found lax data security practices and said the company made several misrepresentations, including a “Trusted Security Award” that appears to have been fabricated.
The small size of the settlement means that Ashley Madison customers who were exposed in the breach will not receive any financial redress for the breach.
Ashley Madison once claimed to have almost 40,000,000 members.
Fallout from the data breach led to reports of blackmail, extortion and in some cases, even suicide.
The original settlement with the company was reportedly for $17.5 million but the rest of the sum has been suspended as Ruby is apparently unable to currently pay the balance. Quite why that was the case has not been made clear.
In addition to the financial penalty, the attorney general’s office said Ruby agreed to cease engaging in certain deceptive practices, to not create fake profiles, and to implement a stronger data security program.
Class-action lawsuits against the company are pending.
Psst! Fancy cheating on that old software clogging up your computer? Well then browse what hot new things are on offer here.