Sunday, February 5, 2023
Hawai'i Free Press

Current Articles | Archives

Monday, December 26, 2016
Hawaii Sue and Settle vs. Ashley Madison
By News Release @ 10:01 AM :: 4178 Views :: Ethics

A.G. Schneiderman Announces $17.5 Million Settlement With Owner Of In Joint Multi-State And FTC Agreement

Settlement Follows Investigation Finding That Adult Dating Website Maintained Lax Security Practices, Misled Consumers About Its Data Security, And Created Fake Female Profiles To Entice Male Users

In Addition to Penalties, Settlement Requires The Website To Implement Stronger Data Security Program And Cease Deceptive Practices 

News Release from New York State Attorney General December 14, 2016 

NEW YORK—Attorney General Eric T. Schneiderman joined twelve other states, the District of Columbia, and the Federal Trade Commission Wednesday in announcing a $17.5 million settlement with ruby Corp., which owns the dating website The settlement follows an investigation into the July 2015 hack of the website that resulted in the online publication of user information for millions of members, including photographs, usernames, email addresses, communications, and other profile information.

The settlement includes an immediate payment of $1,657,000 divided amongst the states and the Federal Trade Commission, of which New York will receive $81,330.94. The remainder of the $17.5 million payment is suspended based on ruby Corp.’s inability to pay. Up to 652,627 New York residents were members of Ashley Madison at the time of the security breach.

(According to the parallel suit filed Dec 14—and settled the same day--by the Hawaii Office of Consumer Protection, 33,362 consumers signed up for AshleyMadison in Hawaii and 370 later paid for the bogus ‘Full Delete’ option.)

“This settlement should send a clear message to all companies doing business online that reckless disregard for data security will not be tolerated,” said Attorney General Schneiderman. “All companies have a responsibility to protect the privacy and personal information of consumers, and my office will continue to work with other state and federal authorities to protect consumers from online threats.”

The investigation found lax data security practices including a failure to (i) maintain documented information security policies or practices; (ii) utilize multi-factor authentication to secure remote access; and (iii) formally and adequately train company staff and management.

The Ashley Madison website also made several misrepresentations regarding its data security, including a “Trusted Security Award,” which appears to have been fabricated and had not been awarded by any certification entity; use of an emblem indicating “Certified Zero Risk TM,” which had not been awarded by any certification entity; and representations that it was a “100% Discreet Service” and “100% Secure.”

The Ashley Madison website also offered a “Full Delete” option to consumers.  The “Full Delete” option was advertised to consumers as the ability to “remove all traces of your usage for only $19.00” and it was the only option for consumers who wanted to permanently delete their account profiles. However, the website retained certain information of consumers who purchased the “Full Delete” option for up to twelve months in order to address requests for chargebacks. Additionally, the website did not delete all consumer information from its system, even after twelve months. In particular, the company failed to delete users’ photographs, and in some instances chat communications, nicknames, and sexual preferences. Many users whose information was disclosed in the July 2015 security breach had purchased the “Full Delete,” in some cases more than twelve months prior to the security breach.  As many as 7,989 New York residents had purchased the “Full Delete” option at the time of the breach.

Ashley Madison also created fake female profiles (which it called “engager profiles”) that they used to entice male users who were using Ashley Madison’s free services, to purchase credits to communicate with other members, including “members” with fake profiles. In some instances, it used portions of the profile photographs of actual users who had not had account activity within the previous year as the photographs in the fake profiles that it created, cropping or hiding users’ faces but not their bodies.

In addition to monetary penalties, ruby Corp. agreed to cease engaging in certain deceptive practices, to not create fake profiles, and to implement a stronger data security program. The multistate enforcement action consisted of Alaska, Arkansas, Hawaii, Louisiana, Maryland, Mississippi, North Dakota, Nebraska, New York, Oregon, Rhode Island, Tennessee, Vermont, and the District of Columbia.

New York was represented by Bureau of Internet and Technology Deputy Bureau Chief Clark Russell, under the supervision of Bureau Chief Kathleen McGee. The Bureau of Internet and Technology is overseen by Executive Deputy Attorney General for Economic Justice Manisha M. Sheth.



TEXT "follow HawaiiFreePress" to 40404

Register to Vote


808 Silent Majority

ACA Signups Hawaii

Alliance Defending Freedom

Aloha Pregnancy Care Center

American Council of Trustees and Alumni


Antonio Gramsci Reading List

A Place for Women in Waipio

Astronomy Hawaii

Back da Blue Hawaii

Ballotpedia Hawaii

Better Hawaii

Broken Trust

Build More Hawaiian Homes Working Group

Christian Homeschoolers of Hawaii

Cliff Slater's Second Opinion

DVids Hawaii


Fix Oahu!

Frontline: The Fixers

Genetic Literacy Project

Grassroot Institute

Hawaii Aquarium Fish Report

Hawaii Aviation Preservation Society

Hawaii Catholic TV

Hawaii Christian Coalition

Hawaii Cigar Association

Hawaii Coalition Against Legalized Gambling

Hawaii ConCon Info

Hawaii Credit Union Watch

Hawaii Crop Improvement Association

Hawaii Debt Clock

Hawaii Defense Foundation

Hawaii Family Forum

Hawaii Farmers and Ranchers United

Hawaii Farmer's Daughter

Hawaii Federalist Society

Hawaii Federation of Republican Women

Hawaii Future Project

Hawaii Gathering of Eagles

Hawaii History Blog

Hawaii Homeschool Association

Hawaii Jihadi Trial

Hawaii Legal News

Hawaii Legal Short-Term Rental Alliance

Hawaii Matters

Hawaii's Partnership for Appropriate & Compassionate Care

Hawaii Public Charter School Network

Hawaii Rifle Association

Hawaii Shippers Council

Hawaii Smokers Alliance

Hawaii State Data Lab

Hawaii Together



Hiram Fong Papers

Homeschool Legal Defense Hawaii

Honolulu Navy League

Honolulu Traffic

House Minority Blog

Imua TMT

Inouye-Kwock, NYT 1992

Inside the Nature Conservancy

Inverse Condemnation

Investigative Project on Terrorism

July 4 in Hawaii

Kakaako Cares

Keep Hawaii's Heroes

Land and Power in Hawaii

Legislative Committee Analysis Tool

Lessons in Firearm Education

Lingle Years

Malulani Foundation

Managed Care Matters -- Hawaii

Malama Pregnancy Center of Maui

Military Home Educators' Network Oahu

Missile Defense Advocacy

MIS Veterans Hawaii

NAMI Hawaii

National Christian Foundation Hawaii

National Parents Org Hawaii

NFIB Hawaii News

No GMO Means No Aloha

Not Dead Yet, Hawaii

NRA-ILA Hawaii

Oahu Alternative Transport


OHA Lies

Opt Out Today

Patients Rights Council Hawaii

PEACE Hawaii

People vs Machine

Pritchett Cartoons

Pro-GMO Hawaii


Rental by Owner Awareness Assn

ReRoute the Rail

Research Institute for Hawaii USA

Rick Hamada Show

RJ Rummel

Robotics Organizing Committee

Save Dillingham Airfield

School Choice in Hawaii

Sink the Jones Act

Statehood for Guam

Talking Tax

Tax Foundation of Hawaii

The Real Hanabusa

Time Out Honolulu

Trustee Akina KWO Columns

UCC Truths

US Tax Foundation Hawaii Info

VAREP Honolulu

West Maui Taxpayers Association

What Natalie Thinks

Whole Life Hawaii