Ashley Madison dating site to pay S$2.28 million over breach

This file illustration taken on Aug 20, 2013 shows the homepage of the Ashley Madison dating website displayed on a laptop in Hong Kong.
This file illustration taken on Aug 20, 2013 shows the homepage of the Ashley Madison dating website displayed on a laptop in Hong Kong.PHOTO: AFP

WASHINGTON (AFP) - The operators of the Ashley Madison affair-minded dating website agreed Wednesday (Dec 14) to pay a US$1.6 million (S$2.28 million) penalty over a data breach exposing data from 36 million users, US officials announced.

Ashley Madison's Canadian parent company Ruby agreed to the penalty to settle charges with the US Federal Trade Commission (FTC) and state regulators for failing to protect confidential user information.

The settlement comes after a hacker group last year released what was said to be personal data on millions of members of Ashley Madison, who were based in 46 countries. The fallout led to reports of blackmail and even suicides.

The financial penalty, split between the federal government and US states suing the company, would increase to US$8.75 million if Ashley Madison fails to abide by new information security practices and refrain from misleading consumers.

"This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide," said FTC chairwoman Edith Ramirez.

"The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users' personal information from criminal hackers going forward."

Earlier this year, the dating website - whose motto had been "life is short, have an affair" rebooted, calling itself an "open-minded dating" service.

The company said at the time it will no longer use female "bots" or automated programmes that respond to members pretending to be women on the hunt for men.

According to the FTC complaint, until August 2014, operators of the site lured customers, including 19 million Americans, with fake profiles of women designed to convert them into paid members.

The company failed to adequately protect users' personal information such as date of birth, relationship status and sexual preferences.

The company confirmed the settlement, saying it would help it move past the hacking episode.

"Today is a pivotal day for our members and for Ashley Madison," said a statement from Ruby chief executive Rob Segal.

"Today's settlement closes an important chapter on the company's past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company."