It’s an infamous hack. We’re going to rewind to the past and look at a major data breach from 2015. That summer, the online extramarital affair website Ashley Madison witnessed a major theft of user data. Ashley Madison marketed itself with the slogan: “Life is short. Have an affair.”
The malicious group called themselves “The Impact Team”, and they granted themselves access and copied the website’s personal information database. This data included everything from personal names, emails and address to sexual preferences. The group threatened to leak the information online, where many site users feared being discovered and associated with such a website.
Where usually the malicious group threatens, and the company delivers on the ransom to protect consumer data. This incident was sticky in that time passed with no resolution resulting in the group posting over 70 gigabytes on the dark web exposing corporate CEOs and suburbial husbands. In the end, 33 million records were exposed online.
The Ashley Madison data breach is a first-hand example of when malicious activity costs a company millions. The parent company of Ashley Madison, Ruby Life Inc, finalized this week a two-year court battle after an anonymous user filed a class-action lawsuit against the parent company. The company formally stated that it didn’t take the “necessary and reasonable precautions” to protect its user’s personal data.
The case resulted in US-based users of the website receiving a payment of $11.3 million in settlement, because of personal details breached in the cyber attack. According to the settlement, individuals can claim up to $3,500 in damages as long as they can provide documentation of the damages.
The costs of a breach is always significant. Between ransom payments, cost damage to internal infrastructure, security improvements and legality fees, a major breach like this one can bring a company to its knees. The initial breach was believed to cost the parent company close to a quarter of its revenue, and then the company invested million dollars into security improvements. Don’t forget the costly legal fees and settlement fees that the company might’ve prevented if it had the right security structures in place.