Monday, July 17, 2017

Parent company of Toronto-based Ashley Madison agrees to pay $11.2 million to customers whose personal info was exposed in 2015 data breach

The parent company of the Ashley Madison (AM) extramarital-affairs Web site has announced it will pay $11.2 million to settle claims from customers whose personal details were revealed in a July 2015 data breach. We have written 37 posts about high-end professionals who were customers of the AM site, so news of a preliminary settlement hits close to home; to our knowledge, we are the only news site to report extensively on those who have used Ashley Madison.

We intend to continue our coverage well into the future. The consolidated federal litigation, based in St. Louis, Missouri, might be drawing to a close -- although it still must be approved by a judge. But Ashley Madison still is doing business -- and the social, psychological, and familial ramifications raised by the breach will be ongoing, likely for years.

The settlement story has another Alabama angle to it. One of the three primary law firms representing plaintiffs in the case is Birmingham's Heninger Garrison Davis LLC.

From a CNBC report about the preliminary settlement, which was announced last Friday:

The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.

Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis.

Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan "Life is short. Have an affair."

But the breach cost privately held Ruby more than a quarter of its revenue, and prompted the Toronto-based company to spend millions of dollars to improve security and user privacy.

The hits Ashley Madison has taken go beyond federal litigation in St. Louis. From CNBC:

Last December, Ruby agreed to pay $1.66 million to settle a probe by the U.S. Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.

As for the settlement, users can recover up to $3,500, but it sounds like the process to collect will be cumbersome. Lawyers -- surprise, surprise -- likely will be the financial winners in the whole deal:

Steve Heninger
According to Friday's settlement, users with valid claims can recoup up to $3,500 depending on how well they can document their losses attributable to the breach.

Layn Phillips, a former federal judge who mediated the settlement, said in a court filing that the accord offered "a valuable recovery for the class in the face of many obstacles," including Ruby's preference that victims arbitrate their claims.

Lawyers for Ashley Madison users may receive up to one-third of the $11.2 million payout to cover legal fees, court papers show.

Does anyone seriously believe a shabby outfit like Ashley Madison is going to provide customers with genuine security? I don't, and I would not be surprised if there is another data hack -- probably inside of a year. Anyone dumb enough to still be using the site likely deserves whatever might be coming down the road. That the company refuses to admit wrongdoing suggests -- at least to me -- that it isn't serious about data security. Also, the company's press release about the settlement includes language that points to major ass covering -- still. Consider these words:

While ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense, and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of ruby and its customers. In 2015, hackers gained access to ruby's computer networks and published certain personal information contained in Ashley Madison accounts. Account credentials were not verified for accuracy during this time frame and accounts may have been created using other individuals' information. Therefore, ruby wishes to clarify that merely because a person's name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison.

If a mechanic quoted the automotive equivalent of such words to you, would you want to do business with him? Would you want him anywhere near the engine compartment under the hood of your car? I sure as hell wouldn't. As for Birmingham connections, this is from the first paragraph of the Ruby Corp. release:

TORONTO, July 14, 2017 /PRNewswire/ -- Ruby Corp. and Ruby Life Inc. (ruby), and a proposed class of plaintiffs, co-led by Dowd and Dowd, P.C., The Driscoll Firm, P.C., and Heninger Garrison Davis, LLC, have reached a proposed settlement agreement resolving the class action lawsuits that were filed beginning July 2015 following a data breach of ruby's computer network and subsequent release of certain personal information of customers of Ashley Madison, an online dating website owned and operated by Ruby Life Inc. (formerly Avid Dating Life Inc.) The lawsuits, alleging inadequate data security practices and misrepresentations regarding Ashley Madison, have been consolidated in a multi-district litigation pending in the United States District Court for the Eastern District of Missouri.

Yep, Heninger Garrison Davis, on 1st Avenue North in downtown Birmingham, has been in the middle of the Ashley Madison story for some time. It apparently will be involved in the process of doling out cash for AM customers who can prove they have a legitimate claim.


Anonymous said...

Ashley Madison is getting off light at $11.2 mil.

Anonymous said...

Has Ashley Madison ever contacted you asking you to quit posting these articles? I'm guessing they have not or you would have written about it?

You seem to have gotten to the bottom of the barrel in Alabama. I'm curious if any well-connected politicos or judges were on the list.

legalschnauzer said...

@12:40 --

I haven't been contacted by anyone from Ashley Madison, that I know of. I've had all kinds of anonymous comments/threats, etc. from people using fake names and such. I don't know which ones might be real or not. I do believe either bots or real people from Ashley Madison attacked my Scribd account and caused it to be unjustly removed. I intend to get that material back, one way or another.

As far as political figures, Artur Davis probably is the best known one to show up. I have little doubt judges are on there. I'm still researching the data. It's a slow process to plow through it all.

Anonymous said...

The lawyers are going to make out like bandits on this, and Ashley Madison is getting off easy. The victims are getting the s----y end of the stick. Typical.

Anonymous said...

Class actions are a loser, unless you are one of the plaintiffs' lawyers.

Anonymous said...

I always love it when a bunch of crooks like the people behind Ashley Madison say, "We're shelling out $11.2 mil out of the goodness of our heart, but we didn't do anything wrong."

Hah! What bull-bleep.