Cheating website settles with U.S. after data breach
toronto» Ruby Corp., the Toronto-based parent company of the adultery dating site Ashley Madison, will pay $1.6 million in settlements following an investigation led by the U.S. Federal Trade Commission into a massive breach of the company’s computer systems and the outing of millions of its members.
Hackers broke into the company’s systems in July 2015 and then posted the information online a month later after the company didn’t comply with their demands to shut down Ashley Madison. New York Attorney General Eric Schneiderman said Wednesday that reckless disregard for data security will not be tolerated. New York joined 12 other states, the District of Columbia and the FTC in the investigation.
New York’s attorney general said the investigation found lax data security practices and said the company made several misrepresentations, including a “Trusted Security Award” that appears to have been fabricated.
It also found Ashley Madison created fake female profiles to entice male users.
The website — whose slogan was “Life is short. Have an affair” — is marketed to people looking for extramarital relationships. It once purported to have about 39 million members.
Husbands and wives across the world were confronted with their partners’ extramarital affairs. The hacking triggered extortion crimes and led to unconfirmed reports of suicides.
The New York attorney general’s office said the settlement with the company is for $17.5 million but said the remainder of the $17.5 million payment is suspended based on Ruby’s inability to pay.
In addition to monetary penalties, the attorney general’s office said Ruby agreed to cease engaging in certain deceptive practices, to not create fake profiles, and to implement a stronger data security program.
“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” FTC Chairwoman Edith Ramirez said. “The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better-protect its users’ personal information from criminal hackers going forward.”