View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 15, 2016

Ashley Madison website hit with $1.6 million fine over 2015 security breach

The Federal Trade Commission (FTC) levelled the fine over poor cyber security practices at Ashley Madison, including a lack of a written information security policy.

By Alexander Sword

The owners of dating site Ashley Madison have been fined $1.6 million over a data breach in 2015 that exposed the details of 36 million users.

The Federal Trade Commission (FTC) levelled the fine over several poor practices at Ashley Madison, including a lack of a written information security policy.

Ashley Madison also did not have in place reasonable user access controls, adequate security training of employees, knowledge of third party security practices or measures to monitor the effectiveness of its own security practices.

The site was reportedly breached several times between November 2014 and June 2015, with the lax security practices preventing the operators from realising.

This paved the way for the July 2015 breach that led to the account information being published online by hackers, including information that users had paid to have fully purged from the site.

ashley-madison-3The FTC also criticised the fact that many customers on Ashley Madison were lured by fake profiles.

“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC Chairwoman Edith Ramirez.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“The global settlement requires to implement a range of more robust data security practices that will better-protect its users’ personal information from criminal hackers going forward.”

Compared to the scale of the breach and the severity of the FTC claims, the fine is fairly low. This is due to the financial situation of the Ashley Madison owners.

However, the court also imposed a further $8.75 million fine that would be partially suspended upon payment of $828,500. If the Ashley Madison operators are found to have misrepresented their finances, this total will become due.

The investigation involved the Australian and Canadian authorities.

The news comes as Yahoo discloses the details of another data breach dating back to 2013 which may have affected more than one billion user accounts. This breach is believed to be separate to the 2014 breach revealed in September where 500 million accounts had been accessed.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.