Adultery site Ashley Madison sanctioned over client data breach

Adultery website AshleyMadison.com’s owner agreed to pay a steeply discounted USD1.65 million fine to resolve state and federal probes into a 2015 hack that exposed personal data of 37 million users of the site whose slogan was “Life is Short. Have an Affair.”

The company, which changed its name to Ruby Corp. from Avid Life Media Inc. after the breach, agreed to a $17.5 million penalty to resolve a multistate investigation, New York Attorney General Eric Schneiderman said in a statement. The fine was reduced by about 90 percent due to an “inability to pay,” and the rest of the amount was suspended.

“Reckless disregard for data security will not be tolerated,” Schneiderman, who joined with 12 other U.S. states and the U.S. Federal Trade Commission to announce the settlement.

Hackers dumped almost 10 gigabytes of data on the Internet, providing information on previously anonymous users, including e-mail addresses, names and details of sexual preferences and fantasies, authorities said. As many as 652,627 New York residents were members of Ashley Madison at the time of the security breach.

The multi-state probe uncovered lax data-security practices at the company, including a failure to maintain its information-security policies or to use so-called multi-factor authentication to secure remote access, according to the statement.

The hack led Noel Biderman, the Toronto-based company’s former chief executive officer, to step down, and triggered a probe by the Federal Bureau of Investigation, the U.S. Department of Homeland Security and the Royal Canadian Mounted Police. Erik LarsonBloomberg

Categories Business