allheart55 (Cindy E)
Administrator
The Federal Trade Commission (FTC) has demanded Ashley Madison pay US $1.6 million for its failure to protect millions of users' data.
As we all recall, hackers stole a database containing the usernames, passwords, and other personal information for all 37 million users of the pro-affair adult dating website back in the summer of 2015.
The stolen data was ultimately published online, a leak which led more than one Ashley Madison user to commit suicide and extortionists to blackmail site members and their wives.
The FTC launched a probe into Ashley Madison in July 2016 to determine if the company had taken adequate steps to protect its users' data leading up to the breach. Among other things, it sought to determine if Ashley Madison honored those users who paid US $20 for a "Full Delete" of their information from the company's servers.
But as the FTC explains in its complaint, it turns out the company was unfaithful to its users:
"...Defendants have represented, expressly or by implication, directly or indirectly, that they would delete all of the information of consumers who chose the Full Delete option on AshleyMadison.com. ...In truth and in fact, ... even for those consumers who paid a $19 fee for the Full Delete option, Defendants retained the information from those profiles for up to 12 months. Therefore, the representation... is false or misleading."
No doubt the breach damaged Ashley Madison's reputation among its users. Fortunate for them, the company has owned up to at least some its missteps by agreeing to settle with the FTC.
FTC Chairwoman Edith Ramirez told Ars Technica that Ashley Madison has agreed to a settlement of US $17.9 million. The dating website doesn't currently have that amount, so it will pay a $1.6 million sum.
That still doesn't mean the FTC won't collect the remainder of the fine at a later date. As noted by Megan Geuss of Ars Technica:
"Ramirez noted that the commission looks at financial information provided by the company when the FTC is determining ability to pay. She added that the settlement was made with a so-called 'avalanche clause' stipulating that if it later becomes apparent that Ashley Madison’s operators can pay more, the company will be obligated to pay the full amount."
Those provisions aside, Ramirez said the FTC will not be creating a redress program for users who paid for the "Full Delete" option.
With that said, I can only hope everyone's learned a lesson from this experience. Ashley Madison should have a pretty clear idea now about what doesn't work when it comes to users' data security. Additionally, hopefully some of its former members might now consider going to couple's counseling before agreeing to hook up online.
The idea of having an affair might still appeal to them, but as the Ashley Madison hack demonstrates, doing so doesn't pay and can hurt A LOT of people in the process.
Source: Graham Cluley
