Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Ashley Madison Dating Site to Pay $1.6 Million Over Breach

The operators of the Ashley Madison affair-minded dating website agreed Wednesday to pay a $1.6 million penalty over a data breach exposing data from 36 million users, US officials announced.

The operators of the Ashley Madison affair-minded dating website agreed Wednesday to pay a $1.6 million penalty over a data breach exposing data from 36 million users, US officials announced.

Ashley Madison’s Canadian parent company Ruby agreed to the penalty to settle charges with the US Federal Trade Commission and state regulators for failing to protect confidential user information.

The settlement comes after a hacker group last year released what was said to be personal data on millions of members of Ashley Madison, who were based in 46 countries. The fallout led to reports of blackmail and even suicides.

The financial penalty, split between the federal government and US states suing the company, would increase to $8.75 million to the FTC plus $8.75 million to states if Ashley Madison fails to abide by new information security practices and refrain from misleading consumers.

“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC chairwoman Edith Ramirez.

“The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users’ personal information from criminal hackers going forward.”

No compensation

Ramirez said the penalty being paid is too small to allow for “redress” or compensation to affected consumers, noting that compensation is rarely obtained in data security cases.

Advertisement. Scroll to continue reading.

“We want them (the company) to feel the pain, we don’t want them to profit from unlawful conduct,” Ramirez told reporters in a conference call.

But she added that “it would not serve the public interest to put them out of business.”

Earlier this year, the dating website — whose motto had been “life is short, have an affair” rebooted, calling itself an “open-minded dating” service.

The company said at the time it will no longer use female “bots” or automated programs that respond to members pretending to be women on the hunt for men. According to the FTC complaint, until August 2014, operators of the site lured customers, including 19 million Americans, with fake profiles of women designed to convert them into paid members.

The company failed to adequately protect users’ personal information such as date of birth, relationship status and sexual preferences, according to the complaint.

The company confirmed the settlement, saying it would help it move past the hacking episode.

“Today is a pivotal day for our members and for Ashley Madison,” said a statement from Ruby chief executive Rob Segal.

“Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company.”

The settlement followed an investigation in cooperation with consumer protection authorities in Canada and Australia. Thirteen US states plus the federal District of Columbia joined the lawsuit.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.