In leading a coalition of 13 states and the District of Columbia, Vermont Attorney General Bill Sorrell secured a $17.5 million settlement from the Ruby Corp. after a hack into its Ashley Madison dating website, which caters to people looking for extramarital affairs.
โThe state attorneys general, and Vermont in particular, have been in the vanguard of protecting consumersโ privacy online,โ Sorrell said in a statement on Wednesday.
โThere is not a different standard simply because a consumer adopts a particular lifestyle. Fraud is fraud and it is against the law. The companies providing these goods and online services must know that the law applies to them just like it applies to everyone else,โ he said,
In summer 2015, the Ashley Madison site was hacked, and millions of membersโ personal information, including photographs and email addresses, was leaked. In part because the site was catering to people looking to keep secrets from their spouses, Ashley Madison claimed to have a โFull Deleteโ option for profiles, which turned out to not be completely comprehensive.
The siteโs 2015 revenues were estimated at around $47.4 million.
Sorrellโs consumer protection complaint invokes Vermontโs Consumer Protection Act as grounds for legal action.
The complaint accused the dating site of engaging in โdeceptive acts by misrepresenting the level of security they maintain, creating false security certifications on their website, selling a product to fully delete customersโ data which they did not enact, creating fake user profiles, and failing to enact reasonable data security measures that would protect the sensitive data that was entrusted to them.โ
Vermont, as the lead state, will receive an immediate payment of $116,000 from the Ruby Corp. as part of a larger initial payout of $1.657 million split between the states and the Federal Trade Commission.
Sorrell has estimated that 16,213 Vermonters were members of the Ashley Madison site at the time it was hacked in summer 2015.
In addition to the payout, Ashley Madison agreed to cease certain deceptive practices, stop making fake profiles and strengthen its data security features.