- The Washington Times - Wednesday, December 14, 2016

The owners of Ashley Madison, the infamously hacked extramarital dating site, have agreed to pay $1.6 million to resolve federal and state probes spurred by last year’s massive breach, authorities said Wednesday.

In agreeing to the settlement, the Federal Trade Commission and 13 states will suspend investigations launched against Ashley Madison’s parent company, Ruby Corp., as a result of the data breach that exposed the personal information of millions of the website’s users as well as evidence of the company’s misleading business practices and false promises of privacy and security.

Formerly known as Avid Life Media, the recently re-branded Toronto-based firm behind Ashley Madison landed in hot water last year after a trove of internal company data and personal details pertaining to 37 million accounts were publicly shared online July 2015.

Known for its since-abandoned slogan, “Life is Short — Have an Affair,” the data dump led to account holders across United States and Canada being threatened with blackmail and extortion by scam artists who attempted to financially benefit from the breach, and reportedly caused at least one former customer to commit suicide.

But in addition to causing embarrassment for the website’s users, the breach also resulted in complication for its parent company after it became evident that certain security safeguards and privacy protections weren’t in place as promised.

Prior to the breach, Ashley Madison’s website boasted emblems and awards that touted its services as “100% discreet,” “risk free” and “completely anonymous,” and allowed users an option to pay a one-time fee in order to supposedly have their account information permanently purged. When gigabytes of internal data landed online, however, it quickly became clear that the company had retained allegedly deleted data and failed to properly implement standard information security safeguards.

Further reviews of the company’s internal data revealed that Avid had created fake female user accounts in an attempt to entice male customers. Avid’s former CEO, Noel Biderman, resigned within weeks of the data dump amid criticism directed over the website’s practices, and his successors have since disavowed Avid’s past deployment of “fembots” to lure in men.

In addition to paying $1.65 million in penalties, Ruby Corp. pledged to implement a comprehensive information security program and “refrain from past business practices that may have allegedly been misleading to consumers.”

“The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better-protect its users’ personal information from criminal hackers going forward,” FTC chair Edith Ramirez said in a statement.

Government officials had initially sought $17.5 million in fines from Ruby, but accepted a settlement worth roughly one-tenth that amount due to “Ruby Corp.’s inability to pay,” according to the attorney general’s office in New York, one of 13 states that opened probes following last year’s breach in addition to the FTC.

“This settlement should send a clear message to all companies doing business online that reckless disregard for data security will not be tolerated,” New York state Attorney General Eric T. Schneiderman said in a statement.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide