The parent company of adultery website Ashley Madison has agreed to pay $11.2m (£8.55m) to settle a US class-action lawsuit over the massive July 2015 data breach that saw the personal details, including credit card details, home addresses and email accounts of millions of users from across the globe, published online.
Formerly known as Avid Life Media, owner Ruby Corp denied any wrongdoing, but agreed to pay $11.2m to compensate any losses of US residents who used the website on or before 20 July, 2015 and can submit valid claims for losses incurred as a result of the data breach. Class members can recoup up to $3,500 based on their documented losses, according to the preliminary class-action settlement. The settlement requires approval by a federal judge.
Touting the motto, "Life is short. Have an affair", the controversial website marketed itself as a service to help people cheat on their spouses.
The class-action complaint alleged that the company had failed to ensure the security of its website despite billing itself as a "100% discreet service". It also said the data breach resulted in the release of account holders' personal information, including those who paid a fee to have their information deleted from the website.
"While Ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense, and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of ruby and its customers," the company said. "In 2015, hackers gained access to Ruby's computer networks and published certain personal information contained in Ashley Madison accounts. Account credentials were not verified for accuracy during this time frame and accounts may have been created using other individuals' information.
"Therefore, Ruby wishes to clarify that merely because a person's name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison."
The massive breach cost the Toronto-based company more than a quarter of its revenue. Ruby also spent millions of dollars to bolster its security and improve user privacy.
In December 2016, the company agreed to pay $1.66m to settle a probe by the US Federal Trade Commission (FTC) and several states for allegedly creating fake profiles to deceive users and and failing to protect users' identities.