SecurityWeek

Ashley Madison Dating Site to Pay $1.6 Million Over Breach

The operators of the Ashley Madison affair-minded dating website agreed Wednesday to pay a $1.6 million penalty over a data breach exposing data from 36 million users, US officials announced.

Ashley Madison’s Canadian parent company Ruby agreed to the penalty to settle charges with the US Federal Trade Commission and state regulators for failing to protect confidential user information.

The settlement comes after a hacker group last year released what was said to be personal data on millions of members of Ashley Madison, who were based in 46 countries. The fallout led to reports of blackmail and even suicides.

The financial penalty, split between the federal government and US states suing the company, would increase to $8.75 million to the FTC plus $8.75 million to states if Ashley Madison fails to abide by new information security practices and refrain from misleading consumers.

“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC chairwoman Edith Ramirez.

“The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users’ personal information from criminal hackers going forward.”

No compensation

Ramirez said the penalty being paid is too small to allow for “redress” or compensation to affected consumers, noting that compensation is rarely obtained in data security cases.

“We want them (the company) to feel the pain, we don’t want them to profit from unlawful conduct,” Ramirez told reporters in a conference call.

But she added that “it would not serve the public interest to put them out of business.”

Earlier this year, the dating website, whose motto had been “life is short, have an affair,” rebooted, calling itself an “open-minded dating” service.

The company said at the time it will no longer use female “bots” or automated programs that respond to members pretending to be women on the hunt for men. According to the FTC complaint, until August 2014, operators of the site lured customers, including 19 million Americans, with fake profiles of women designed to convert them into paid members.

The company failed to adequately protect users’ personal information such as date of birth, relationship status and sexual preferences, according to the complaint.

The company confirmed the settlement, saying it would help it move past the hacking episode.

“Today is a pivotal day for our members and for Ashley Madison,” said a statement from Ruby chief executive Rob Segal.

“Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company.”

The settlement followed an investigation in cooperation with consumer protection authorities in Canada and Australia. Thirteen US states plus the federal District of Columbia joined the lawsuit.

Written By

AFP 2023
