
Ashley Madison agrees to $17.5 million fine, will pay $1.6 million for now

There are a number of ways that hackers can impact an individual or an organization. They can steal personal and private information and use it for identity theft, and they can run ransomware that holds data hostage unless a ransom is paid. The impact on individuals and businesses can be devastating.

Another impact of attacks and data breaches can be legal and regulatory, namely when an organization is found guilty of negligence in protecting user information. That is exactly what occurred with the Ashley Madison data breach, where the records of 36 million users were leaked. The Federal Trade Commission (FTC) has agreed to a $17.5 million settlement with the site’s operators, Ars Technica reports.

Ashley Madison is a site aimed at matching individuals who are looking for discreet relationships. The very nature of the site means members do not want their information shared, and the August 2015 hack was particularly egregious for those whose identities were revealed. The hackers let loose usernames, full names, passwords, and some other identifying information such as addresses and credit card information.

It wasn’t just the leaked information that caused the FTC to impose the fine. Ashley Madison was also found to have failed to honor the terms of a $20 “Full Delete” fee, under which user information was supposed to be purged and was not. In addition, the site operators were dinged for creating fake “female” user accounts to attract new members.

While the total settlement is $17.5 million, the FTC agreed to allow Ashley Madison’s operators to pay only $1.6 million after considering what they could actually afford to hand over. An “avalanche clause” remains in effect, however, under which the entire $17.5 million will become due if the operators are found to be able to pay more. They will also be required under the terms of the FTC’s ruling to implement new data security protocols and to submit to third-party auditing to ensure that user data is being protected.

The FTC cannot easily determine how much to fine sites like Ashley Madison because it is difficult to determine monetary damages based on the harm caused by such data breaches. In this case, the FTC also cannot return the $20 fee customers paid to have their data deleted. In the end, the most that members can hope for is that the fine was sufficient to compel the site’s operators to lock things down more tightly.

Mark Coppock