Deal made two years after massive data breach.
The Toronto, Canadian based parent company of the now infamous infidelity dating site Ashley Madison has reached a $11.2 million settlement deal with US class action lawsuits, after a massive security breach two years ago that made headlines the world over.
The data breach lawsuits were filed in the aftermath of a 2015 incident involving as many as 37 million members’ personal identifying information being exposed online. After attorney fees, costs, and administration fees, only around $7 million will be shared out amongst the lawsuit’s litigants.
Ruby Life Inc (known in 2015 as ‘Avid,’ agreed to pay the settlement following a number of class-action lawsuits that alleged “inadequate data security practices and misrepresentations regarding Ashley Madison”. The settlement will pay, among other things, for “payments to settlement class members who submit valid claims for alleged losses resulting from the data breach and alleged misrepresentations as described further in the proposed settlement agreement”.
The Holy Trinity?
The plaintiffs behind the lawsuit, were part of a collection of three originally separate class-action lawsuits that banded together, alleging that Ashley Madison “misrepresented that they had taken reasonable steps to ensure AshleyMadison.com was secure and that the data breach resulted in the public release of certain personal information contained in AshleyMadison.com accounts and included account information of some users who had paid a fee to delete their information from the AshleyMadison.com website”.
In a statement, Ruby Life Inc stated that it denied any wrongdoing, and reiterated that “merely because a person’s name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison… [but, had agreed to settle to] avoid the uncertainty, expense, and inconvenience associated with continued litigation.”
Joint investigations by privacy officials and law enforcement agents in Canada and Australia concluded last year that Ashley Madison had inadequate security safeguards and policies when it was targeted by hackers. One of the damning conclusions centred around the fact that users who paid to have their details erased permanently from the Ashley Madison servers, discovered as a result of the 2015 hack Ashley Madison still had all their details, much of which was unencrypted.
The group that hacked Ashley Madison were known as the “Impact Team” and dumped almost 100 gigabytes of affair specialists Ashley Madison’s user data onto the internet. It was thought that Ashley Madison’s users could take some solace in the fact that at least their passwords were encrypted. Not that there was much solace to go round. After having your login, email, and credit card details, and geographic locations released on Tor, it probably couldn’t have got much worse. The hackers then posted the information online a month later after the company didn’t comply with their demands to shut down Ashley Madison.