WASHINGTON (Legal Newsline) —
The Federal Trade Commission (FTC) announced Dec. 14 that the operators of
Toronto-based AshleyMadison.com will settle allegations they deceived consumers
and failed to protect 36 million users’ accounts and profile information. The failure led to
a massive July 2015 network breach.
“This case represents one of the largest data breaches that the FTC has
investigated to date, implicating 36 million individuals worldwide,” said FTC Chairwoman
Edith Ramirez. “The global settlement requires AshleyMadison.com to implement a range
of more robust data security practices that will better-protect its users’ personal information
from criminal hackers going forward.”
The FTC charged that until
August 2014, the operators of AshleyMadison.com lured new members in by
creating fake accounts of women. Additionally, the company allegedly had lax
security. It had no written information security policy, no reasonable access
controls and inadequate security training of employees. These issues helped
lead to the July 2015 data breach. The operators of the site agreed to update security
measures and pay $1.6 million in fines.
“Creating fake profiles and selling services that are not delivered is
unacceptable behavior for any dating website,” Vermont Attorney General William H. Sorrell said.
“I was pleased to see the
FTC and the state attorneys general working together in such a productive and
cooperative manner. Vermont has a long history of such cooperation, and it’s great to see that