Ashley Madison owner will pay $1.7M to settle hacking fallout
December 14, 2016
As published by the NY Daily News on December 14, 2016.
The July 2015 data breach at AshleyMadison.com has proven a costly affair for the adultery website’s owner.
Ruby Corp., which owns the cheater-catering site, has agreed to pay $1.7 million in penalties to the Federal Trade Commission, 13 states and the District of Columbia to resolve charges of lax cybersecurity that allowed hackers to access personal information of more than 30 million customers, New York Attorney General Eric Schneiderman announced Wednesday.
The company avoided a much larger penalty of $17.5 million initially sought by the governments because it is struggling financially and unable to pay, Schneiderman’s office said.
“This settlement should send a clear message to all companies doing business online that reckless disregard for data security will not be tolerated,” said Schneiderman.
The investigation into AshleyMadison.com revealed that the site, among other things, failed to maintain documented information security policies or practices and misrepresented its safeguards to consumers. The site went so far as to bill itself as having won a fictitious “Trusted Security Award.”
Investigators also found that AshleyMadison created fake female profiles to attract male customers and misled consumers who purchased the site’s “Full Delete” option, which cost $19 and was supposed to allow users the ability to remove all traces of their usage from the system. In reality, the site retained the information for up to 12 months.
Under the settlement, New York will receive $81,330.94. Up to 652,627 New York residents were members of Ashley Madison at the time of the security breach.