Does Ashley Madison Have any Liability for Hack?

September 9, 2015

Ashley Madison Can Expect Lawsuits in its Future: Will they be Successful?

Ashley Madison hack

The damage caused by adultery is not an excuse for criminal conduct of the hackers in the Ashley Madison hack.

By now you have no doubt heard about the Ashley Madison website hack. If you aren’t familiar, Ashley Madison is a company with the business model of encouraging people to cheat on their spouses. Its catch phrase is, “Life is Short, Have an Affair.” We certainly don’t condone adultery. But nor do we condone criminal hacking as occurred in this case. As the old saying goes, two wrongs don’t make a right.

Our hearts go out to those who have lost loved ones due to the criminal behavior by the hackers. We also feel for the innocent victims who learned, in such a terrible and public way, that they were being cheated on.

What Happened?

Briefly, a hacking group called “The Impact Team” grabbed data from Ashley Madison. The hackers informed the company that if it did not shut down a number of its sites they would release the stolen information. This included user names, credit card numbers and content that would identify many of the 37 million users of the websites in question. The parent company, Avid Life Media, kept the sites running but claimed that it had secured its sites in the aftermath. In the end, the hackers released the data on July 21, 2015. Initially, Ashley Madison questioned whether the data was real. Subsequently, on August 21, 2015, the hackers released more data, including corporate emails. They also included a message to the CEO, Noel Biderman, asking if he wanted to continue to claim the data was not real.


The hackers claimed a number of reasons for their actions. Apparently, the main reason for the hack and release of the data is that Avid Life Media claimed to delete all information from its site if the users paid a delete fee. In addition, the company frequently stated that protection of personal information was a critical part of the site. In addition, the hackers justified their behavior based upon the purpose of the sites in question, i.e. the users are adulterers so they deserve it. Of the site and its users, the hackers wrote, “Too bad for those men, they’re cheating dirtbags and deserve no such discretion…” and “[t]oo bad for ALM, you promised secrecy but didn’t deliver.”

The Fallout

Ashley Madison Security Breach

Companies are required to take reasonable steps to secure their networks and to notify people after they have been breached. ALM did so.

It is no surprise that the fallout from the hack has been pretty severe. Just recently, a pastor who used the site committed suicide.  Another man killed himself back in August. In addition, many people who worked for various government agencies seem to have used their government email addresses. This extremely unwise move will result in the investigation and potential firing of many. Celebrities are running for the hills as well. Those who can afford it are retaining reputation consultants and pr experts to assist them in minimizing the damage.  A factor to keep in mind is that the Ashley Madison site did not require confirmation of email addresses. As a result, anyone could enter any email address to sign up for the site. This means any number of people who have been implicated might not have actually have been using the site.

Is Avid Life Media (ALM) Liable?

As of late August, four lawsuits have already been filed against the company. One gentleman signed up for the site after his wife died of breast cancer. He claims he never met anyone and never cheated on his wife. He is seeking in excess of $500 million in damages as part of a class action lawsuit.

There will be a number of legal arguments for the complaints against ALM. One comes from the fact that the company promised a deletion service for which users paid almost$20 each. This service resulted in almost $2 million in 2014 alone. It is alleged that none of the information that people paid to delete was actually deleted from the site and so those people showed up in the hack. If the site failed to delete information after people paid for the service that could be considered both a breach of contract and fraudulent conduct.  There are also accusations that many of the female accounts on the site were fraudulent. That could give rise to other types of lawsuits against the company, aside from the hacking issue. In fact, the company was contacted by California’s Attorney General back in 2012 about a fake profile issue. (The site’s terms of service states that profiles, may not be true, accurate or authentic and may be exaggerated or fantasy.”)

No doubt ALM has many restrictions and warnings in the terms of service on its website, but the promise to delete information combined with the hacking could give rise to expensive jury verdicts or settlements. Will the suits be successful? That is always the question and only time will tell. Here are a few theories and my view on their chances for success.

  • Privacy laws – The United States doesn’t have a universal privacy law. In addition, for the states that have laws, it seems that ALM did act appropriately once the breach was discovered. The same is likely true for EU laws which focus on inappropriate tracking by the website itself.
  • Defamation – For people who did not actually sign up for the account, but had their email addresses or names used and as a result had their reputations damaged. This one will be difficult because websites have a lot of immunity for the conduct of others. It would be other people who chose to use other people’s names and email addresses, not ALM. ALM would not be liable for this.
  • Breach of contract – Failure to delete information when promised and paid for. This is likely the best chance that users have for a successful lawsuit against ALM.
  • False Advertising / Fraud – Again, the failure to delete content could help those in their lawsuits against ALM.

What Will the Future Bring?

It will be interesting to see what happens over the next months and years. Many websites will take a look at their security and determine whether they are secure enough. Hopefully, people will also look at the information they share online as well as the conduct in which they engage, and make decisions about what is appropriate and inappropriate.

My view on this situation, leaving aside the moral issues, is this: if you don’t want to be embarrassed by online conduct, don’t do anything online that you don’t want on the front page of the New York Times. Even if you think you are safe, chances are always good that something like the Ashley Madison hack could occur and reveal your conduct to the rest of the world. Or even your spouse.




national trial lawyers
philadelphia life awesome attorneys
Suburban life
newsweek top attorney
ASLA award
million dollar advocated forum 
million dollar advocated forum 
bbb accredited business
Silver Badge
best personal injury lawyers in Philadelphia 2022 award
How Can We Help?

Contact us for a FREE consultation. No fee unless compensated.

    Bala Cynwyd
    Cherry Hill
    New Brunswick
    New York