By Jimmy H. Koo
A recent customer class settlement by adultery website AshleyMadison.com’s owner may be a preview of higher value data breach litigation settlements to come, cybersecurity professionals told Bloomberg BNA.
Companies need to implement basic security measures to avoid preventable breaches or risk high settlement payouts, privacy attorneys and security professionals said.
Without admitting any wrongdoing, privately owned Ruby Corp., formerly known as Avid Life Media Inc., agreed July 14 to pay $11.2 million to settle class allegations that lax data security measures led to a 2015 hack that exposed the personal data of approximately 37 million users (In re Ashley Madison Customer Data Sec. Breach Litig., E.D. Mo., MDL No. 2669, proposed settlement filed 7/14/17).
The settlement proposal filed in the U.S. District Court for the Eastern District of Missouri would provide a maximum of $3,500 per class member. A preliminary settlement approval hearing is scheduled for July 21.
Jay Edelson, partner and founder of plaintiff-side class action law firm Edelson PC in Chicago, told Bloomberg BNA that the settlement is a strong one for the plaintiffs and signals that “the cost of data breach settlements are likely to rise over the next few years.”
Scott Blackmer, information technology law partner at InfoLawGroup LLP, told Bloomberg BNA that to “avoid costly liability like this,” companies must maintain reasonable security measures and “say what you do, and do what you say.”
AshleyMadison’s parent company charged a fee for a “full” delete feature and then didn’t delete users’ data, Blackmer said. “Getting hacked because of poor security is bad, but coupling that with deceptive practices is what really makes judges, juries, or regulators want to hit you with a stick,” he said.
In July 2015, hackers infiltrated AshleyMadison.com and released information on millions of users of the adultery website. The data dump leaked full names, email addresses, partial credit card data, and other sensitive personal information, including dating and sexual preferences. The hack led Noel Biderman, the company’s former CEO, to step down.
Amit Ashbel, cybersecurity evangelist at Checkmarx Ltd. in Tel Aviv, told Bloomberg BNA that Ashley Madison “got a good deal” with the breach settlement.
According to Ashbel, the data breach and subsequent settlement could have been avoided. A crucial lesson for companies is to make sure they “employ security early on in the development cycle,” Ashbel told Bloomberg BNA.
With many recent data breaches, including the one affecting AshleyMadison.com, taking “just the basic step of ensuring sufficient data encryption would have reduced the impact of the breaches as the data would have not been readable,” he said.
Harry Piccariello, chief marketing officer at data security company GigaTrust Corp., agreed that companies need to invest in security upfront.
Francoise Gilbert, a shareholder focusing on global data privacy and security at Greenberg Traurig LLP in East Palo Alto, Calif., told Bloomberg BNA that data breach class actions are “seldom successful because of the difficulty in showing damages.” But this is a case “where some of the plaintiffs were able to show actual financial losses,” Gilbert said.
Blackmer noted that a part of the settlement fund is earmarked for those who can document losses due to identity theft, “which is difficult to prove.”
Edelson said going forward, he expects higher scrutiny over no-fault settlements like these. Settlements that “don’t recognize the harm caused by data breaches will face criticism by the courts and ultimately will be rejected,” he said.
Dowd & Dowd PC; HammondLaw PC; and Driscoll Firm PC represent the class. Paul, Weiss, Rifkind, Wharton & Garrison LLP and Bryan Cave LLP represent Ruby.
To contact the reporter on this story: Jimmy H. Koo in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Full text of the proposed settlement is available at http://src.bna.com/qPY
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.