Filed Under:Risk Management, Loss Control

Adultery site Ashley Madison pays $1.65M settlement for 2015 data breach

The multistate probe uncovered lax data-security practices at the company, including a failure to maintain its information-security policies or to use so-called multi-factor authentication to secure remote access. (Photo: Shutterstock)
The multistate probe uncovered lax data-security practices at the company, including a failure to maintain its information-security policies or to use so-called multi-factor authentication to secure remote access. (Photo: Shutterstock)

(Bloomberg) -- Adultery website AshleyMadison.com’s owner agreed to pay a steeply discounted $1.65 million settlement to resolve state and federal probes into a 2015 hack that exposed personal data of 37 million users of the site, whose slogan was “Life is Short. Have an Affair.”

'Inability to pay'


The company, which changed its name to Ruby Corp. from Avid Life Media Inc. after the breach, agreed to a $17.5 million penalty to resolve the multistate investigation, New York Attorney General Eric Schneiderman said in a statement. The amount was reduced by about 90 percent due to an "inability to pay," and the rest was suspended.

“Reckless disregard for data security will not be tolerated,” Schneiderman, who joined with 12 other U.S. states and the U.S. Federal Trade Commission to announce the settlement.

Hackers dumped almost 10 gigabytes of data on the Internet, providing information on previously anonymous users, including email addresses, names and details of sexual preferences and fantasies, authorities said. As many as 652,627 New York residents were members of Ashley Madison at the time of the security breach.

Dating venue


Toronto-based Ruby, which now bills Ashley Madison simply as an online-dating site, has been cooperating with the FTC for more than a year, according to a statement by Rob Segal, the company’s chief executive officer since July.

“Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity,” Segal said in the statement.

Company spokeswoman Debra Quinn declined to comment on why the company can’t afford to pay the full settlement, despite reporting more users than it had at the time of the breach.

The multistate probe uncovered lax data-security practices at the company, including a failure to maintain its information-security policies or to use so-called multi-factor authentication to secure remote access, according to the statement.

'One of the largest data breaches'


"This case represents one of the largest data breaches that the FTC has investigated," Chairwoman Edith Ramirez said in a statement.

The investigation revealed Ashley Madison failed to purge the user information of millions of customers who cancelled their memberships, even though many had paid for a premium service that promised their data wouldn’t be stored on the company’s servers, according to the attorney general’s statement.

Under the accord, the website operator also agreed to not use fake female profiles, which were often created to entice customers, according to the statement. The data breach revealed those profiles to be bogus and exposed the company’s use of customer photographs for phony profile pictures, it said.

"It used portions of the profile photographs of actual users who had not had account activity within the previous year as the photographs in the fake profiles that it created, cropping or hiding users’ faces, but not their bodies," Schneiderman said.

The hack led Noel Biderman, the company’s former CEO, to step down, and triggered a probe by the Federal Bureau of Investigation, the U.S. Department of Homeland Security and the Royal Canadian Mounted Police.

Related: Ashley Madison hack leads to Canadian class action seeking $578M

Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Related

Ashley Madison and Cyber Liability: What’s hiding under the bed?

An international data breach provides important lessons for businesses of all kinds.

Featured Video

Most Recent Videos

Video Library ››

Top Story

Disaster preparedness tips for homeowners

If a disaster strikes where you live, would you be ready? Use these tips to craft a family emergency plan that can keep you safe during a disaster.

Top Story

9 solar eclipse safety tips & risk concerns you need to know for Aug. 21

An estimated 500 million people across North America will be impacted as the moon passes between the sun and Earth in the 70-mile wide path of the total eclipse on Aug. 21, 2017.

More Resources

Comments

eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.