WASHINGTON (Legal Newsline) — The Federal Trade Commission (FTC) announced Dec. 14 that the operators of Toronto-based AshleyMadison.com will settle allegations they deceived consumers and failed to protect 36 million users’ accounts and profile information. The failure led to a massive July 2015 network breach.
“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC Chairwoman Edith Ramirez. “The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better-protect its users’ personal information from criminal hackers going forward.”
The FTC charged that until August 2014, the operators of AshleyMadison.com lured new members in by creating fake accounts of women. Additionally, the company allegedly had lax security. It had no written information security policy, no reasonable access controls and inadequate security training of employees. These issues helped lead to the July 2015 data breach. The operators of the site agreed to update security measures and pay $1.6 million in fines.
“Creating fake profiles and selling services that are not delivered is unacceptable behavior for any dating website,” Vermont Attorney General William H. Sorrell said.
“I was pleased to see the FTC and the state attorneys general working together in such a productive and cooperative manner. Vermont has a long history of such cooperation, and it’s great to see that continuing.”