Adultery hookup website “Ashley Madison” have been been ordered to pay out $1.6 million to exposed users of the site following last year’s hack and leak of account data.
“The operators of the Toronto-based AshleyMadison.com dating site have agreed to settle Federal Trade Commission and state charges that they deceived consumers and failed to protect 36 million users’ account and profile information in relation to a massive July 2015 data breach of their network,” declared the Federal Trade Commission in a press release on Wednesday. “The settlement requires the defendants to implement a comprehensive data-security program, including third-party assessments. In addition, the operators will pay a total of $1.6 million to settle FTC and state actions.”
“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC Chairwoman Edith Ramirez. “The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better-protect its users’ personal information from criminal hackers going forward.”
The FTC’s sanctions also relate to the discovery that Ashley Madison had created fake female profiles in order to entice male users to the site.
“Creating fake profiles and selling services that are not delivered is unacceptable behavior for any dating website,” said Vermont Attorney General William H. Sorrell. “I was pleased to see the FTC and the state attorneys general working together in such a productive and cooperative manner. Vermont has a long history of such cooperation, and it’s great to see that continuing.”
13 states reportedly worked with the FTC to secure a settlement against Ashley Madison’s parent company “ruby Corp,” including Alaska, Arkansas, Hawaii, Louisiana, Maryland, Mississippi, Nebraska, New York, North Dakota, Oregon, Rhode Island, Tennessee, and Vermont. On top of the exposed security flaws, the FTC also criticized the fact that Ashley Madison retained information on users who had paid a fee to delete their account data.
“In addition to the provisions prohibiting the alleged misrepresentations and requiring a comprehensive security program, the proposed federal court order imposes an $8.75 million judgment which will be partially suspended upon payment of $828,500 to the Commission,” declared the FTC’s press release. “If the defendants are later found to have misrepresented their financial condition, the full amount will immediately become due. An additional $828,500 will be paid to the 13 states and the District of Columbia.”