Ashley Madison is paying the price for the hack that exposed the info of 36 million customers, and we don’t just mean through executive departures. The owners of the cheat-on-your-spouse site, Ruby Corp, have settled charges from both the US Federal Trade Commission and 13 states alleging that it both misled users and didn’t do enough to protect their info. The actual fine is small — Ashley Madison was intended to pay a total of $17.5 million, but can only afford to pay just over $1.6 million. However, the reforms may go a long way toward solving some of the underlying problems that led to both the breach and shady business practices.
The settlement demands a “comprehensive” data security program that includes periodic security risk assessments (both internal and third-party) and “reasonable safeguards” against any potential attacks identified in those reports. Ashley Madison also has to be more truthful. It can’t offer fake users, display bogus security awards or retain data from customers despite promising to wipe it clean. That last point is a sore one — the site charged $19 for a “Full Delete” that supposedly eliminated all traces of your account, but hackers managed to get that info regardless.
Australia and Canada (Ashley Madison’s home turf) have reached their own settlements, in part through data shared from the FTC.
It’s doubtful that the penalty will change minds about Ashley Madison, at least not in the short term. It’s been over a year since the July 2015 hack, and it will take a while longer to find out how well the infidelity site honors regulators’ demands. Still, it brings a basic level of closure to those burned by Ashley Madison’s willingness to play fast and loose with the truth.