Legal Issues surrounding the Ashley Madison Hack
A recent data breach of the Ashley Madison website highlights a variety of legal concerns for businesses that are responsible for the safekeeping of confidential consumer information. This is particularly true in the case of Ashley Madison as it is a dating website that caters to people in committed relationships who are looking to cheat on their partners, selling the site with the tagline: “Life is short. Have an affair.” The hack, which occurred in mid-July, resulted in the alleged theft of millions of confidential user accounts including user names, lists of sexual histories, and identifying personal information such as names or email addresses.
The Events of the Hack
Ashley Madison is a website launched in 2001 with the goal of bringing together people looking to cheat on their partners. Naturally, this particular mission means that the site’s users particularly prized discretion and confidentiality. As a result, Ashley Madison offered a “full delete” service that allegedly scrubbed a person’s information from the website in exchange for a $19 fee. However, the website kept some personal details that it could sell to interested third parties including people’s names, addresses, and purchase histories.
In mid-July, a group of hackers known as the “Impact Team” hacked the website, claiming as a motive the company’s the fact that the company failed to be up-front about the full delete functionality. The hackers compromised people’s personal accounts, company security information, and private company data like salary information. The Impact Team threatened to release the information, if Ashley Madison’s parent company did not take the site down. As of right now, the website is still up and running, and the hackers have released a single profile in order to confirm the seriousness of their intentions.
Ashley Madison’s Legal Concerns
This hack highlights two separate legal issues faced by companies that keep private consumer data. The first is the potential for lawsuits from consumers in the event of a data breach. The second involves issues related to the use or sale of the private consumer data.
With regard to data breach lawsuits, the law varies from state to state. Florida has a fairly extensive data breach statute that went into effect in the middle of last year. The law requires companies with compromised data to notify the Florida Department of Legal Affairs of any breaches in certain specific ways. Additionally, the company must also notify consumers whose data may have been stolen. Of course, if the company failed to take reasonable steps to keep consumer data safe, they may also be subject to lawsuits by injured customers.
The second issue that businesses should consider is the legality of any way that they use private consumer data. Ashley Madison has previously faced legal proceedings under the Unfair and Deceptive Trade Practices Act as a result of the fact that it was allegedly making misleading statements about whether it was selling private information.
Keeping private consumer information is necessary for many businesses, but it does entail some legal risks. If you have questions about data breach litigation or data security requirements, contact a Florida business litigation attorney at Pike & Lustig, LLP today.