back to article Ashley Madison wide open to UK privacy lawsuits, claim lawyers

The Ashley Madison hack could cost the company millions and millions of pounds in compensation and settlements in the UK alone, according to lawyers Pinsent Masons. Around 9.7GB of customer data from the website for people who seemingly can't be trusted, and a sister site, were released by hackers on Tuesday night following …

  1. Pascal Monett Silver badge
    Stop

    Wait a minute

    "anyone suing for breach of privacy could expose themselves to greater risk of divorce proceedings"

    Ok, ok, the clear editorial stance on this issue is that ALM customers are dirty, dirty cheaters.

    And there are cheaters, obviously. I would not be surprised if the cheaters were the majority, or even the vast majority.

    But there are single people in there as well, and you can't treat them the same, now can you ? Given the amount of customers, there is probably a significant amount of single people who should have no qualms whatsoever in going to court. That is a real risk for ALM, but one that this article doesn't even consider.

    It's nice to have a clear target to mow down, obviously, and I myself have stated that I couldn't care less if ALM folds or not, but it might be time to set the "cheater, cheater" megaphone down and bring a bit more objectivity to this serious issue, don't you think ?

    1. Turtle

      Re: Wait a minute

      "'anyone suing for breach of privacy could expose themselves to greater risk of divorce proceedings.' Ok, ok, the clear editorial stance on this issue is that ALM customers are dirty, dirty cheaters."

      You don't think that stating that a person attempting to sue ALM and therefore publicly admitting to having used the site in order to have an adulterous affair would be risking the wrath and resentment of their spouse - both for the adulterous intentions and the subsequent public humiliation? To me, the statement that you criticize seems like a very straightforward statement of fact, as opposed to a moral judgement.

      1. Pascal Monett Silver badge

        I don't think that married men on the site are going to step forward at all.

        What I'm saying is that the article makes as if that is all there is, and that is not the case. There are single people seeking to hook up, and it is likely that there are enough to seriously damage ALM in court. Is that a straightforward enough statement of fact for you ?

        1. Turtle

          Here's What I Was Hoping To Find Out.

          How about explaining the means by which the statement "anyone suing for breach of privacy could expose themselves to greater risk of divorce proceedings" implies that "ALM customers are dirty, dirty cheaters". 'Cause that's some bizarre logic there.

          And as for your statement "I don't think that married men on the site are going to step forward at all." - I'd like to hear why married men wouldn't step forward, because I expect that your answer would be something along the lines of "anyone suing for breach of privacy could expose themselves to greater risk of divorce proceedings". But you can prove me wrong.

    2. Captain DaFt

      Re: Wait a minute

      Class action Lawsuit's already started, led by a widower:

      http://jist.news/ashley-madison-member-exposed-as-a-widower-leading-lawsuit-against-the-site

      1. h4rm0ny

        Re: Wait a minute

        >>"Class action Lawsuit's already started, led by a widower:"

        He says that he signed up after his wife died and wants $7.5m dollars in damages. That's a lot of money.

  2. The JP

    Might not be as easy as that...

    1. Will AM have the funds to pay when you finally get judgment? Or will your compensation be left over stationary and AM-branded T-shirts?

    2. AM is based in Canada so probably not subject to the UK data protection act (and ditto re tort based claims). Contract claims are also presumably Canadian law, though I haven't tried to register to check!

    3. You would have to prove AM failed to implement suitable security measures (i.e. the mere fact the breach occurred is not sufficient). This could be difficult if this is in fact an inside job.

    1. h4rm0ny

      Re: Might not be as easy as that...

      >>"3. You would have to prove AM failed to implement suitable security measures (i.e. the mere fact the breach occurred is not sufficient). This could be difficult if this is in fact an inside job."

      Which looks very, very likely. The "blackmail" aspect doesn't hold up - pretty much everything points to this being someone with privileged access and a major, major grudge against AM. Maybe they got cheated on and blame AM for it, maybe it's something else. But this doesn't look like some random hacking team exploiting a SQL injection in order to make money. Which means they might be able to start from a shortlist of suspects and there's a very good chance, imo, that we might find out who did this. In which case they are in some very deep trouble.

      But anyway, the point is as it looks like an inside job that is very, very hard to guard against. I work with companies that have excellent technical security but could be floored by one rogue employee. Can you sue someone for having lax security in this area? When even the most secure organizations are susceptible to betrayal from the inside?

      If you disagree, consider the name "Snowden".

      1. Captain DaFt

        Re: Might not be as easy as that...

        -Can you sue someone for having lax security in this area? When even the most secure organizations are susceptible to betrayal from the inside?

        If you disagree, consider the name "Snowden".-

        Yes, But... A company that refused to delete sensitive information, even when paid to do just that?

        They're screwed.

        1. h4rm0ny

          Re: Might not be as easy as that...

          >>"Yes, But... A company that refused to delete sensitive information, even when paid to do just that?"

          Did they actually do that, though? I know it's been alleged but not sure there's any evidence. They still have the 'please close my account' ones in there, as expected. But do they have the paid for complete data removal ones. When is the dump from? A removal request could be after the time of the theft.

  3. Ralph B

    What?

    > "With all the extra publicity, Ashley Madison is only going to be getting more users," Mikko Hypponen, CRO of F-Secure commented.

    Sorry, but I must question Mr Hypponen's thinking skills.

    The "publicity" includes revelations that:

    1) 95% of their userbase are men;

    2) They don't permanently delete user information that users have paid them $19 on the promise so to do;

    3) They can't keep their user database private.

    How could he possibly think that such publicity would encourage more users to enrole?

    1. LucreLout

      Re: What?

      How could he possibly think that such publicity would encourage more users to enrole?

      Men who are stupid enough to leave a digital audit trail of their affairs, having presumably paid monthly to do so, are in all probability not too bright.

    2. Anonymous Coward
      FAIL

      Re: What?

      There's the old adage, much used by dumb but pushy marketing folk, eager to prove they're at least one evolutionary step above tapeworms, that 'there is no such thing as bad publicity'.

      These dump muppets are about to find out how wrong that view is.

      Pull up a chair, this is going to get interesting.

    3. Anonymous Coward
      Anonymous Coward

      Re: What?

      1) 95% of their userbase are men;

      Wow. Either the blokes will not be getting their money's worth, or the women are very busy, and probably having to operate a shift and rota system.

      1. Anonymous Coward 101

        Re: What?

        "the women are very busy..."

        You know what? I imagine some of the women on the site actually are very busy...

    4. Anonymous Coward
      Anonymous Coward

      Re: What?

      how could this fiasco, in light of your irrefutable logic, generate more customers? Why, because people are dumb, sir. Or, to be more precise, male specimen of the homo sapiens species.

  4. chivo243 Silver badge

    could expose themselves to greater risk of divorce proceedings?

    Unless your this guy who has already been outed... what more is there to loose?

    http://www.telegraph.co.uk/technology/internet-security/11815766/Ashley-Madison-Britains-first-divorce-proceedings-launched.html

    1. Anonymous Coward
      Anonymous Coward

      Re: could expose themselves to greater risk of divorce proceedings?

      if you were divorced because of this leak, surely any lawsuit against Ashley Madison will be asking for massive compensation...

      Look at the potential losses...

      50%+ of your assets, possible hefty maintenance payments, plus the simple fact you've lost your wife .. so add in costs of finding a new one...

      So your probably talking hundreds of thousands of pounds maybe millions per person in damages....

      but really anyone married to someone who is dumb enough to pay to use an adultery website is probably better off without them...

  5. Anonymous Coward
    Anonymous Coward

    wonder if the NSA have been Blackmailing their way through the Database?

    Obviously, before it was leaked. The hack could have cost them significant leverage.

  6. Turtle

    Users And What They're Using.

    "With all the extra publicity, Ashley Madison is only going to be getting more users.."

    I'll tell you what kind of "users" they're going to be getting: drug users. Because any man who will sign up with a sleaze site having that kind of track record, and whose clientele is 90% male, just has to be on drugs.

  7. drand

    And another thing...

    It's not just the people on the list who gave accurate information and were using the site for its intended purpose who might like to take legal action, is it?

    It's those who were signed up maliciously and discovered AM performed no verification that the owner of the email address was consenting to creating an account.

  8. Kevin Fairhurst

    Any financial institution with an ounce of sense is going to be searching the dataset to see if any of their staff are on there... there could be an increased risk of blackmail with that person, and it needs to be managed accordingly. Imagine your partner finding out through THAT rather than searching through the dataset herself...

    "HI dear, you're home early, how was work? Is everything okay?"

    "I've been put on gardening leave as I'm at risk of blackmail due to the Ashley Madison data leak..."

    1. drand

      Indeed - anyone with a security clearance who's on that list - especially a DV - will be expecting a tap on the shoulder.

  9. Anonymous Coward
    Anonymous Coward

    AM not "hacked" - this is an "inside job"

    Describing the AM data release events (two of them so far) as "hacks" is - in my opinion - incorrect... if you have studied the (nearly) 30Gb of data there's source code (Git repositories), emails, financial accounts, organisational structure diagrams, marketing documents, sales documents, partnership agreements, loan agreements, technology stack documentation, office floor plans - more or less something from every part of the organisation has been taken as well as the user data from the actual website.

    It is infeasible to believe that AM's public/production servers would have this stuff on them or that AM's public servers are even co-located or connected with their back-office and corporate systems... hence this stinks of being an "inside job".

    Someone with reasonably good Linux and Windows sysadmin abilities and the root/administrator passwords has had a thorough rummage through the whole of Avid Life (the corporate body/parent) and is releasing the data - this is "data theft" and not an external "hack" (via SQL injection or whatever).

    I would not be surprised if Avid Life and the FBI have a list of suspects already.

    I'm not sure where this leaves AM's legal defence but if their site was secure, they took all reasonable precautions and were duly diligent [and can prove it] then they might not be guilty of doing anything wrong. At the same time if they catch the insider and can prove that he/she did it then this may further bolster their case.

    Let us not forget that all of the data released would fit on a single USB key.

    I also expect that we have not been told the whole story regarding the motivation ... distracted ex-employee? extortion? Christian extremist right? the G-men? who knows? Your conspiracy theories welcome ;-)

    G

  10. Anonymous Coward
    Anonymous Coward

    1.2 million?

    Where do they get that figure of 1.2 million UK users from? Sounds way improbable, but maybe I live a sheltered life.

    Assuming the 90% men profile, that's 1.08 million UK men out of about 31 million. Eliminate the 0 - to 14 year olds - 25 million, assume that anyone over the age of 65 is worldly enough to realise this was never a good idea - and under 24s are probably having way too much fun to bother, we are down to 16.8 million males. so we are saying 6% of 'eligible' UK men registered (and paid money????) on a dodgy Canadian website that no one heard about until it was hacked?

    I reckon it will turn out that 1.2 million UK users is actually just 9 sad gits and 1 sad gitess who couldn't remember their username and kept re-registering.

    1. Anonymous Coward
      Anonymous Coward

      Re: 1.2 million?

      Sounds better than 937 males and 6 females though!

  11. Emperor Zarg
    Joke

    I have been with her sister too

    "Around 9.7GB of customer data from the website for people who seemingly can't be trusted, and a sister site, were were released by hackers on Tuesday night following last month's megabreach."

    Do you think Ashley Madison is going to find out that I've been with her sister too? If she does find out, should I try for a three-way?

  12. Anonymous Coward
    Anonymous Coward

    Companies...

    Thanks to our wonderful system where liability can be assigned to a fictional entity, in most cases a Ltd Company, why is the law suit an issue? They'll have insurance, and if not, they can just dissolve and create a fresh face.

  13. BenBell
    Big Brother

    Lets do the maths..

    1.2 Million UK subscribers, 64.1 million uk population (Thanks Google!)... Based on the size of my offie, there are at least 5 cheating scumbags in here.

    Let the witch hunt begin.

  14. Sporkinum

    Almost half a million

    There are around half a million co.uk email addresses in the dump. Not to mention all the other generic addresses.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like