Jessica Karmasek Aug. 26, 2015, 10:19am


LOS ANGELES (Legal Newsline) - The class action lawsuits are starting to pile up in U.S. federal courts days after Canada-based Ashley Madison, a membership website marketed to people who are married or in a committed relationship, was hit by a massive data breach.

Last month, a group of hackers, calling themselves “The Impact Team,” stole all of Ashley Madison’s customer data -- including email addresses, names, home addresses, sexual fantasies and credit card information -- and threatened to post all of the data online if the website was not permanently closed.

Avid Life Media, the company that owns Ashley Madison, refused to shut down the website. In turn, the hackers released all user data last week.

Days later, class action complaints against Avid Life began trickling into various federal courts.

The first was filed in the U.S. District Court for the Central District of California, Western Division, Aug. 21.

The 16-page lawsuit was filed by a “John Doe,” described in the complaint as a male living in Los Angeles who created an account with Ashley Madison in March 2012.

The plaintiff, who seeks to represent a national class and a California sub-class, claims negligence, invasion of privacy, violation of the state’s Customer Records Act and breach of implied contract, among others.

“This dumping of sensitive, personal and financial information is bound to have catastrophic effects on the lives of the website’s users,” the man wrote in his complaint.

The same day, another class action complaint was filed in the U.S. District Court for the Northern District of Texas.

The 27-page lawsuit, filed by an Austin, Texas, man, asserts Avid Life violated the Stored Communications Act, the Texas Deceptive Trade Practices-Consumer Protection Act and the Texas Identity Theft Enforcement Protection Act. Among his other claims: negligence and breach of contract.

The plaintiff seeks to represent three multi-state classes, including:

- All persons in the U.S. who paid Avid Life for “paid-delete” services, which were improperly performed;

- All persons in the U.S. whose personal information was subject to Avid Life’s security failures and who suffered damages and anticipate and/or are in immediate danger of suffering damages in the amount of fraudulent charges/unauthorized withdrawals made to their credit and/or debit cards, or suffered damages and anticipate and/or are in immediate danger of suffering damages in the amount of overdraft charges made to their credit and/or debit cards; and

- All persons in the U.S. whose personal information was subject to Avid Life’s security failures and who have suffered or anticipate and/or are in immediate danger of suffering damages, loss and/or expenses accruing due to the company’s security failure.

“After learning of the security breach, Defendant failed to notify Plaintiff and the putative Classes in a timely manner and failed to take other reasonable steps to inform them of the nature and extent of the breach,” the man wrote in his complaint. “As a result, Defendant prevented Plaintiff and the putative Class Members from protecting themselves from the breach and caused Plaintiff and Class Members to suffer financial loss and emotional distress.”

Another, similar lawsuit was filed in the U.S. District Court for the Central District of California Monday.

The 38-page class action complaint was filed by a group of five John Does -- one from California, one from Georgia, one from Tennessee, one from Texas and one from Minnesota.

The plaintiffs seek to represent a national class and statewide classes, including a California class. Among their allegations: that Avid Life violated state data breach notification statutes and state consumer protection laws.

“Defendants’ security failures enabled intruders to access and seize customers’ PPI [private personal information] and PFI [personal financial information],” they wrote in their complaint.

They continued, “The PPI the hackers released was of a highly sensitive and personal nature, whose disclosure, not to mention the very fact that a person had an account with Ashley Madison, is likely to and has caused Plaintiffs’ extreme emotional distress/embarrassment, disruption of/interference with Plaintiffs’ personal and social life, and/or economic loss.

“The PFI the hackers released subjects Plaintiffs to a heightened risk of fraud, fraudulent charges, and/or identity theft.”

The plaintiffs in all three lawsuits are seeking class certification, an unspecified amount in damages, interest and attorneys’ fees and costs.

From Legal Newsline: Reach Jessica Karmasek by email at jessica@legalnewsline.com.

More News