New York - Adultery website AshleyMadison.com’s owner
agreed to pay a steeply discounted $1.65 million fine to resolve state and
federal probes into a 2015 hack that exposed personal data of 37 million users
of the site whose slogan was “Life is Short. Have an Affair.”
The company, which changed its name to Ruby from Avid
Life Media after the breach, agreed to a $17.5 million penalty to resolve a
multistate investigation, New York Attorney General Eric Schneiderman said in a
statement. The fine was reduced by about 90 percent due to an "inability
to pay," and the rest of the amount was suspended.
“Reckless disregard for data security will not be
tolerated,” Schneiderman, who joined with 12 other US states and the US
Federal Trade Commission to announce the settlement.
Read also: Hack exposes 6.4m kids' data
Hackers dumped almost 10 gigabytes of data on the
Internet, providing information on previously anonymous users, including e-mail
addresses, names and details of sexual preferences and fantasies, authorities
said. As many as 652 627 New York residents were members of Ashley Madison at
the time of the security breach.
The multi-state probe uncovered lax data-security
practices at the company, including a failure to maintain its
information-security policies or to use so-called multi-factor authentication
to secure remote access, according to the statement.
The hack led Noel Biderman, the Toronto-based company’s
former chief executive officer, to step down, and triggered a probe by the
Federal Bureau of Investigation, the US Department of Homeland Security and the
Royal Canadian Mounted Police.
BLOOMBERG