Ashley Madison has been ordered to pay a fine of $1.65 million as a result of the massive data breach that exposed the personal information of 36 million customers last year.
According to the Federal Trade Commission (FTC), the fine settles federal and state charges alleging that the adultery website deceived consumers and failed to properly protect users’ account and profile information.
In July 2015, a group of hackers stole a database containing millions of account credentials, addresses, phone numbers, credit card transactions, and more. Users’ sensitive details were later leaked online.
The FTC complaint states operators of the site assured users their personal information, such as date of birth, relationship status and sexual preferences, was private and securely protected. However, the FTC claims the website’s security was lax.
Furthermore, the FTC cited AshleyMadison.com lured customers with fake profiles of women in an effort to convert them into paid members. It also alleges it failed to delete the information of customer’s paying $19 for its “Full Delete” service.
“The defendants had no written information security policy, no reasonable access controls, inadequate security training of employees, no knowledge of whether third-party service providers were using reasonable security measures, and no measures to monitor the effectiveness of their system security,” the FTC charges stated.
Edith Ramirez, chairwoman of the FTC, called the case one of the largest data breaches the agency had ever investigated.
“The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users’ personal information from criminal hackers going forward,” said Ramirez.
The FTC said it worked with a coalition of 13 states and the District of Columbia to secure a settlement, which originally ordered the site to pay $17.5 million. SC Magazine reported the company said it currently could not afford the penalty.