Ashley Madison Data Breach Victims Can’t Sue Anonymously
In what is possibly one of the most embarrassing data breaches in recent history, 37 million account holders on “hookup” site AshleyMadison.com woke up to the devastating news last August that hackers had infiltrated the website and released the members’ names online.
The website, which reportedly helps its members connect for the specific purpose of having extramarital affairs, was targeted by a hacking group over faulty claims of anonymity; in other words, the site was charging its members to “delete” their information, but then not actually deleting it.
Now, anonymity is coming back to haunt the victims of the breach yet again. More than forty plaintiffs represent a class action lawsuit filed against AshleyMadison’s parent company, Avid Life Media, but a judge has now ruled that the plaintiffs cannot remain anonymous. In order to file their suit and move forward, they must agree to be identified in court records, or drop down to being members of the class action suit instead of representatives.
The privacy issue at the heart of this matter isn’t just the release of the names. In this case, AshleyMadison charged individuals and collected a fee to remove any trace of them from the site. When the data breach happened, these former members’ names were revealed because of the receipt process the website used after payment. The only reason someone would need a $19 receipt from AshleyMadison is if they had at one time had an account, which serves as an indication that they’d planned on having an affair. Whether the individuals ever followed through or thought better of it isn’t the point; they paid to be erased, and the very process of erasing them is what caused their names to be part of the stolen database.
Lawyers have already predicted that this will be a tough lawsuit, whether the plaintiffs reveal their names or not. Essentially, the individuals in question did engage in the behavior they’re now claiming their spouses found out about, namely, seeking out sexual partners. The lawsuit stems from the fact that their lives were irreparably affected by having this secret revealed, and legal experts have cautioned that if it was actually a viable and life-altering concern for the plaintiffs, they wouldn’t have done it in the first place. The sentiment is that they can’t get upset that their privacy was violated, if they were the ones who set the violation in motion.
But there’s another element to the loss of privacy, and that’s the failure to notify AshleyMadison members that a data breach was forthcoming. The hacker group who stole the databases and released the information online warned Avid Life Media first, and stated that failure to take down their site due to this very receipt policy would result in publishing the information. Attorneys have claimed that failure to notify the members after the initial contact from the hackers is the same as failing to notify any consumer of a data breach, and therefore makes the website culpable for the harm that has been done.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.