The extra-marital affair website, Ashley Madison, announced in June 2015 that the site had been hacked and the data for millions of its users had been compromised.
In today’s fast-paced, technology-focused environment, data privacy and security are significant priorities for consumers. Emerging compliance laws struggle to keep up with newer business models and technologies, and few resources are devoted to cyber-security. The legal community points out that significant awards are a real possibility for clients affected by what appears to be a trend of forged emails and counterfeit websites, denial-of-service attacks, system and privacy hacks, and unauthorized access.
Parker Waichman is investigating potential class action lawsuits on behalf of individuals and businesses that suffered a data breach with the Ashley Madison extra-marital dating site.
Regardless of the type of service offered by a website, “consumers must be confident that their data will be protected,” The New York Times writes.
Ashley Madison Dating Website Data Breach
The Ashley Madison dating website, which serves some 37 million married individuals who seek extramarital, adult affairs, made headlines in June 2015 when it announced it suffered a serious data breach; this, despite the fact that the operators of the site long hyped its data security prowess.
Anyone aged 18 or older may open an account at Ashley Madison. The site touts that it is the best site for affairs, promises discretion, and provides customers with the ability to use a pseudonym. The Ashley Madison tagline is: “Life’s too short. Have an affair” and the site is self-described as “the most famous name in infidelity and married dating.” The service has also long promised users that they may delete their profiles for a $19 fee; however, the hackers argue that user information is never actually deleted. Ashley Madison insists that, when users scrub their accounts, all information is erased. Meanwhile, the site waived its deletion fee for all members following news of the hack, according to The New York Times.
Avid Life Media owns Ashley Madison as well as two other popular websites that were also breached: Cougar Life and Established Men, according to The Associated Press (AP). Avid Life Media indicates that it has 40 million members, worldwide.
In response to the breach at Ashley Madison, Bruce Schneier, chief technology officer for Resilient Systems, a security company, told The New York Times, “I think we’re going to see more of it as people see how effective it is.” In fact, data breaches make consumers increasingly susceptible to identity theft and leave significant personal information at serious risk, including:
- Name: real and pseudonym
- Email address
- Financial data
- Birth date
- Social Security number
- Chat history, information, and transcripts
- Member ID
- User name
- Telephone number
- Employment information
- Credit or debit card information
- Other private, personal information
Ashley Madison Data Released
The Ashley Madison site is attractive to blackmailers and hackers due to its large member databases and the nature of the site.
A group that goes by the name “Impact Team” took credit for the breach and indicated that it was displeased with Ashley Madison’s “full delete service,” according to CNN Money. The service promises a complete deletion of a user’s profile and all related data for a $19 fee.
One of Impact Team’s complaints was that the site did not delete Ashley Madison account data. Avid Life Media announced that it had adjusted its policy for deleting user data. “We immediately launched a thorough investigation,” the company told The New York Times, “utilizing leading forensics experts and other security professionals to determine the origin, nature and scope of this incident.”
The hackers expressed their disagreement with these promises and were quoted as writing, in a manifesto published by Brian Krebs, a reporter who covers online security, that “Full Delete netted [Avid Life Media] $1.7 million in revenue in 2014. It’s also a complete lie…. Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.” For its part, Avid Life Media defended its service and indicated that it would provide the full delete service free of charge, adding that it had hired “one of the world’s top IT security teams” to work on the breach; Avid Life Media did confirm that Impact Team might have obtained the personal information of millions of Ashley Madison’s members.
Impact Team threatened that Avid Life Media must shutter the website, or the Ashley Madison user data, which includes real names, passwords, and members’ financial transactions, would be released, The New York Times wrote.
While Ashley Madison maintains that once a user deletes an account, all related information is erased, Impact Team maintains that user information is never permanently erased. Security experts have said that this knowledge, in particular, points to the possibility that someone within the company is likely involved with the hack. In fact, Noel Biderman, chief executive of Avid Life Media, told Krebs that the hacker, “was definitely a person here that was not an employee but certainly had touched our technical services,” according to The New York Times.
American copyright law does allow for Ashley Madison to scrub the private user information that was leaked in the breach and posted elsewhere; Avid Life Media indicated that it was doing just that. According to Paul Ferguson, senior adviser for Trend Micro, a security software provider, information on Ashley Madison that was deleted in one online forum is now appearing on others. He told The New York Times, “Once something is published on the Internet, it’s there forever.”
Ashley Madison Data Dump
At first, Impact Team released some information online; however, what was released did not represent the bulk of what was collected. “We immediately launched a thorough investigation … utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident,” Avid Life Media responded.
According to Sophos Ltd., when the hackers first accessed the Ashley Madison data, they threatened to make a large-scale dump of the user data. They followed with a 10GB release of user data. Krebs has confirmed that at least some of these originally released records are valid. The hackers then published an additional 20GB of alleged user data.
Hackers Extorting Ashley Madison Users
The hacker group is now demanding money, according to Krebs, who published a confirmed example of one of these extortion demands as a warning to users who may be targeted. Sophos Ltd. described the single example as, “something of a drop in the ocean.”
Krebs says he learned of the scale of the extortion scheme when representatives from an email filtering company contacted him to say that the company was taking steps to block outgoing extortion attempts from any “rogue users” of its service. The extortion attempt Krebs highlighted relies on the Ashley Madison data that has already been dumped; the extortionist states that he will not contact the victim’s spouse if the user sends Bitcoins in the amount of BTC1.00000001, which is a little under 200 U.S. dollars. One hundred-millionth of a Bitcoin, known as a satoshi (Satoshi Nakamoto is the inventor of the Bitcoin system), represents the smallest fraction of a Bitcoin that may be traded, Sophos Ltd. explained.
The extortion email reads:
- Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information. If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins…
Two Suicides Reported Following Dump of Breached Ashley Madison Data
After threats to release Ashley Madison user data made headlines, two suicides allegedly tied to the Ashley Madison data breach were reported. Toronto Police official Bryce Evans announced at a press conference on August 24, 2015 that the Toronto police are leading the international investigation into the Ashley Madison suicides, but would not say where the suicides took place. Evans did state that the reports are under investigation, according to BNO News. “The ripple-effect of the Impact Team’s actions has, and will continue to, have a long-term social and economic impact, and they have already sparked spin-offs of crimes and further victimization,” he said.
According to the BBC, acting staff superintendent Evans, addressing his comments to the Impact Team hackers, said, “I want to make it very clear to you your actions are illegal and we will not be tolerating them. This is your wake-up call.” He also stated, according to BNO News, that, “We’re talking about families. We’re talking about their children, we’re talking about their wives, we’re talking about their male partners….. That’s gonna have impacts on their lives. We now have hate crimes that are the result of this. There are so many things that are happening. So the reality is, we’re saying to you at the end of the day, this is not the fun and games that’s been portrayed a lot in different media outlets [and] live radio stations. This isn’t fun and games anymore. This is reality, it’s affecting all of us.”
Mounting Ashley Madison Data Breach Lawsuits in the News
Since news of the Ashley Madison hack in June 2015, at least eight Ashley Madison users nationwide have filed lawsuits, according to Sky News. The users involved—from California, Texas, Missouri, Georgia, Tennessee, and Minnesota—seek class action status. The lawsuits seek unspecified damages and claim negligence, breach of contract, and privacy violations; the users also allege that Ashley Madison neglected to take reasonable steps to protect their security, including those users who paid a special fee to ensure their information would be deleted.
Users of the Ashley Madison website have expressed significant concern not only over potential identity theft but also over the shame that the release of intimate sexual preferences and activities may cause. In some cases, users registered on the site with no resultant affair, which may also put marriages in jeopardy.