The companies behind extramarital-affairs website Ashley Madison are facing a new lawsuit in response to a hack that released information of about 39 million users.
Charney Lawyers and Sutts, Strosberg LLP – two Canadian law firms – filed a $578 million class-action suit Thursday against Toronto-based Avid Dating Life and Avid Life Media on behalf of Canadians whose personal data was compromised during the breach, The Associated Press reported.
“The sensitivity of the information is so extreme and the repercussions of this breach are so extreme, it puts the damages faced by members in a completely different category of class-action suits," lawyer Ted Charney told the wire service.
While many of the names and email addresses posted in the data dump appear to be false, the leak exposed everything from credit card information and geolocation data to security questions for recovering lost passwords, according to The Christian Science Monitor.
The dump – which involved data linked to government officials, military personnel, top-level executives, and civil servants, among others – has since raised critical questions about the security of servers used by both government agencies and corporations as well as users’ privacy rights.
“The Ashley Madison leak is about a lot more than the public shaming of philanderers. Above all, it’s about Internet privacy,” wrote The Washington Post's Michael E. Miller, noting that journalists, security experts, and others have noted that there were 15,000 .mil or .gov email addresses among those used for the site.
As John Herman wrote for The Awl:
We associate the cost of hacks mostly with identity theft and financial loss, from which most victims are pretty well insulated. You may know someone affected by that hack, but the resulting damages were likely mostly absorbed by their bank or credit card company.
This, on the other hand, is basically unprecedented....This is new territory in terms of personal cost.
The Impact Crew, the hacking group behind the breach, appeared to have aimed at maximizing damage to the company, based on a statement it released alongside the data dump: “It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it."
The new lawsuit also points the finger at Ashley Madison and its owners, claiming in a statement that users “are outraged that AshleyMadison.com failed to protect its users’ information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed.”
Some experts have noted that the breach could have been worse, had Avid Life Media not employed the type of encryption it did.
But others point to a broader problem that sites like Ashley Madison embody: The use of customers’ data as objects to be owned. In an op-ed for the Monitor, D.E. Wittkower, an author and assistant professor who teaches on philosophy of technology, digital culture, and computer ethics at Old Dominion University, said he found the practice of deleting customers’ data for a fee to be “strikingly similar to revenge porn.”
To protect people in a digital environment, we need to promote legislative approaches that recognize and respect conversations, sexting, and selfies not as objects but as human activities; as asynchronous and digitally transferrable moments of a person’s life, deserving of respect and care.
The suit's class-action status still needs to be verified by the Ontario Superior Court of Justice.