Ashley Madison’s parent company Avid Life Media (ALM) is offering a £240,000 reward for information on those who hacked its IT systems as it faces mounting legal action.
The hackers – who call themselves The Impact Team – released two sets of stolen data, including the personal details of 32 million users. The hackers published the data after Toronto-based ALM failed to give in to their demands, to take down cheating site Ashley Madison and dating site Established Men.
Those affected by one of the world’s largest data breaches to date reportedly include UK civil servants, US officials, members of the US armed forces and top executives at European and North American corporations.
Canadian police forces said they had received unconfirmed reports of suicide that may be linked to the data leak, while at least five lawsuits seeking class-action status have been filed in connection with the data breach, seeking more than a half-billion dollars, reports NBC News.
Four federal suits have been filed in the US while one class action suit has been filed in Canada.
The US lawsuits are all anonymous and all allege breach of contract, negligence and violation of various state and privacy laws by Ashley Madison and ALM.
One lawsuit filed in Los Angeles accuses both companies of negligence and invasion of privacy, as well as causing emotional distress, reported the Guardian.
Hacks disclose liability memos
According to the lawsuit, the exposure of highly sensitive personal, financial and identifying information could have been prevented by “necessary and reasonable precautions”, such as encrypting the data.
A lawsuit filed in Texas alleged that Ashley Madison and ALM should have known about vulnerabilities in their computer systems, because they had been warned about them.
According to the lawsuit, a company file included in the hack laid out multiple “technical issues that could lead to a data breach occurring, as well the legal problems that may come with that”.
The suit also said at least two Ashley Madison employees filed memos warning of weaknesses “allowing hackers access to our user data”.
The lawsuit filed in Canadian federal court seeks US$573m and class-action status on behalf of a named plaintiff, identified as Eliot Shore.
According to the lawsuit, Shore briefly joined Ashley Madison after his wife died of breast cancer, but never met any of the site’s members.
ALM CEO hack email
Addressing the hackers, Toronto police acting staff superintendent Bryce Evans said: “I want to make it very clear to you, your actions are illegal and we will not be tolerating them.”
He said the breach had already led to a number of online scams by criminals claiming to provide access to the stolen data.
“The public needs to be aware that, by clicking on these links, you are exposing your computers to malware, spyware, adware and viruses,” said Evans.
Police are seeking information from the wider hacker community that might aid their investigation, according to the BBC.
Police have set up a Twitter account: @AMCaseTPS and hashtag: #AMCaseTPS in an effort to gather information about the hack.
ALM’s legal woes may not be confined to users affected by the breach after security blogger Brian Krebs revealed that leaked emails from the company’s CEO Noel Biderman suggest Ashley Madison’s leadership hacked into competing dating service, Nerve.com, in 2012.
According to Krebs, Ashley Madison’s chief technology officer (CTO) at the time told Biderman he had uncovered a way to download and manipulate the Nerve.com user database.
“Also, I can turn any non-paying user into a paying user, vice-versa, compose messages between users, check unread stats, etc,” he wrote in an email to Biderman.
Representatives of Ashley Madison and Avid Life Media have yet to respond to media requests for comment about the apparent hacking of Nerve.com.