No money, no honey: Ashley Madison to pay $1.66mn for data breach

16 Dec, 2016 00:02 / Updated 8 years ago

Extramarital dating website Ashley Madison may be finally out of the dog house following the August 2015 hack of its users’ information. The initial $17.5 million settlement fine with the Federal Trade Commission has been reduced to $1.66 million.

An August 2015 hack of Ashley Madison exposed not only their deceptive practices and weak cybersecurity, but also 36 million users’ personal data. As a result, the Federal Trade Commission (FTC) filed a suit against the affair facilitating website that resulted in a $17.5 million settlement which was reduced Thursday to $1.66 million, due to an inability to pay.

I recognize that it was a far lower number frankly than I would have liked,” FTC chairwoman Edith Ramirez said, adding that “this case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide.

The breach of Ashley Madison’s user information occurred in July 2015. Hackers offered to withhold revealing users’ information if Ashley Madison shuttered its services, but the website refused, and its 36 million user database went on display to the world.

Naturally, many people were not thrilled with having their names associated with a website whose slogan was “Life is short. Have an affair.” But one group of users was particularly upset, because they had paid $20 for what was advertised as a “full delete.

At the time of the breach, Ashley Madison’s users only had two options for deleting their accounts. For an additional cost, they could use the Basic Deactivation, which would remove profiles from search results but leave the profiles accessible to users that had communicated with the profile. For $19, a full delete would remove the profile, messages, site usage history and photographs from the website.

Unfortunately for the users who shelled out $19 to erase their profiles, they discovered they were bilked after their information turned up in the breach. As it turned out, Ashley Madison would retain information for as long as 12 months, according to the FTC complaint.

The FTC also notes one of the funnier revelations resulting from the Ashley Madison breach. While the website’s welcome message may claim that they “have thousands of women in [the consumer’s] city who are in the exact same situation as [the consumer] and looking to have a discreet affair,” it turned out that most of those women were bots.

The FTC claims that as of 2014, there were 28,417 fake “engager profiles” that communicated with consumers to attract users to stay on the site.

While the $1.66 million settlement is over 10 times lower than the original settlement, Ashley Madison may not get off so easily. There’s still the matter of a $578 million class action lawsuit.