Sunday, December 22, 2024
Hawai'i Free Press

Current Articles | Archives

Monday, December 26, 2016
Hawaii Sue and Settle vs. Ashley Madison
By News Release @ 10:01 AM :: 4871 Views :: Ethics

A.G. Schneiderman Announces $17.5 Million Settlement With Owner Of Ashleymadison.com In Joint Multi-State And FTC Agreement

Settlement Follows Investigation Finding That Adult Dating Website Maintained Lax Security Practices, Misled Consumers About Its Data Security, And Created Fake Female Profiles To Entice Male Users

In Addition to Penalties, Settlement Requires The Website To Implement Stronger Data Security Program And Cease Deceptive Practices 

News Release from New York State Attorney General December 14, 2016 

NEW YORK—Attorney General Eric T. Schneiderman joined twelve other states, the District of Columbia, and the Federal Trade Commission Wednesday in announcing a $17.5 million settlement with ruby Corp., which owns the dating website AshleyMadison.com. The settlement follows an investigation into the July 2015 hack of the website that resulted in the online publication of user information for millions of AshleyMadison.com members, including photographs, usernames, email addresses, communications, and other profile information.

The settlement includes an immediate payment of $1,657,000 divided amongst the states and the Federal Trade Commission, of which New York will receive $81,330.94. The remainder of the $17.5 million payment is suspended based on ruby Corp.’s inability to pay. Up to 652,627 New York residents were members of Ashley Madison at the time of the security breach.

(According to the parallel suit filed Dec 14—and settled the same day--by the Hawaii Office of Consumer Protection, 33,362 consumers signed up for AshleyMadison in Hawaii and 370 later paid for the bogus ‘Full Delete’ option.)

“This settlement should send a clear message to all companies doing business online that reckless disregard for data security will not be tolerated,” said Attorney General Schneiderman. “All companies have a responsibility to protect the privacy and personal information of consumers, and my office will continue to work with other state and federal authorities to protect consumers from online threats.”

The investigation found lax data security practices including a failure to (i) maintain documented information security policies or practices; (ii) utilize multi-factor authentication to secure remote access; and (iii) formally and adequately train company staff and management.

The Ashley Madison website also made several misrepresentations regarding its data security, including a “Trusted Security Award,” which appears to have been fabricated and had not been awarded by any certification entity; use of an emblem indicating “Certified Zero Risk TM,” which had not been awarded by any certification entity; and representations that it was a “100% Discreet Service” and “100% Secure.”

The Ashley Madison website also offered a “Full Delete” option to consumers.  The “Full Delete” option was advertised to consumers as the ability to “remove all traces of your usage for only $19.00” and it was the only option for consumers who wanted to permanently delete their account profiles. However, the website retained certain information of consumers who purchased the “Full Delete” option for up to twelve months in order to address requests for chargebacks. Additionally, the website did not delete all consumer information from its system, even after twelve months. In particular, the company failed to delete users’ photographs, and in some instances chat communications, nicknames, and sexual preferences. Many users whose information was disclosed in the July 2015 security breach had purchased the “Full Delete,” in some cases more than twelve months prior to the security breach.  As many as 7,989 New York residents had purchased the “Full Delete” option at the time of the breach.

Ashley Madison also created fake female profiles (which it called “engager profiles”) that they used to entice male users who were using Ashley Madison’s free services, to purchase credits to communicate with other members, including “members” with fake profiles. In some instances, it used portions of the profile photographs of actual users who had not had account activity within the previous year as the photographs in the fake profiles that it created, cropping or hiding users’ faces but not their bodies.

In addition to monetary penalties, ruby Corp. agreed to cease engaging in certain deceptive practices, to not create fake profiles, and to implement a stronger data security program. The multistate enforcement action consisted of Alaska, Arkansas, Hawaii, Louisiana, Maryland, Mississippi, North Dakota, Nebraska, New York, Oregon, Rhode Island, Tennessee, Vermont, and the District of Columbia.

New York was represented by Bureau of Internet and Technology Deputy Bureau Chief Clark Russell, under the supervision of Bureau Chief Kathleen McGee. The Bureau of Internet and Technology is overseen by Executive Deputy Attorney General for Economic Justice Manisha M. Sheth.

---30---

Links

TEXT "follow HawaiiFreePress" to 40404

Register to Vote

2aHawaii

Aloha Pregnancy Care Center

AntiPlanner

Antonio Gramsci Reading List

A Place for Women in Waipio

Ballotpedia Hawaii

Broken Trust

Build More Hawaiian Homes Working Group

Christian Homeschoolers of Hawaii

Cliff Slater's Second Opinion

DVids Hawaii

FIRE

Fix Oahu!

Frontline: The Fixers

Genetic Literacy Project

Grassroot Institute

Habele.org

Hawaii Aquarium Fish Report

Hawaii Aviation Preservation Society

Hawaii Catholic TV

Hawaii Christian Coalition

Hawaii Cigar Association

Hawaii ConCon Info

Hawaii Debt Clock

Hawaii Defense Foundation

Hawaii Family Forum

Hawaii Farmers and Ranchers United

Hawaii Farmer's Daughter

Hawaii Federation of Republican Women

Hawaii History Blog

Hawaii Jihadi Trial

Hawaii Legal News

Hawaii Legal Short-Term Rental Alliance

Hawaii Matters

Hawaii Military History

Hawaii's Partnership for Appropriate & Compassionate Care

Hawaii Public Charter School Network

Hawaii Rifle Association

Hawaii Shippers Council

Hawaii Together

HiFiCo

Hiram Fong Papers

Homeschool Legal Defense Hawaii

Honolulu Navy League

Honolulu Traffic

House Minority Blog

Imua TMT

Inouye-Kwock, NYT 1992

Inside the Nature Conservancy

Inverse Condemnation

July 4 in Hawaii

Land and Power in Hawaii

Lessons in Firearm Education

Lingle Years

Managed Care Matters -- Hawaii

MentalIllnessPolicy.org

Missile Defense Advocacy

MIS Veterans Hawaii

NAMI Hawaii

Natatorium.org

National Parents Org Hawaii

NFIB Hawaii News

NRA-ILA Hawaii

Obookiah

OHA Lies

Opt Out Today

Patients Rights Council Hawaii

Practical Policy Institute of Hawaii

Pritchett Cartoons

Pro-GMO Hawaii

RailRipoff.com

Rental by Owner Awareness Assn

Research Institute for Hawaii USA

Rick Hamada Show

RJ Rummel

School Choice in Hawaii

SenatorFong.com

Talking Tax

Tax Foundation of Hawaii

The Real Hanabusa

Time Out Honolulu

Trustee Akina KWO Columns

Waagey.org

West Maui Taxpayers Association

What Natalie Thinks

Whole Life Hawaii