Data terrorism – a deadly match

The impact of the Ashley Madison mass cyber leak is reported to have claimed its first suicide victims in the last few days following the first divorce proceeding announcements from suspicious partners across the globe.

An aggrieved former staffer at Ashley Madison has now alleged that innocent victims formed part of the mass data volume. The employee, who had sought compensation in a grievance case against the dating agency, claimed that she had been recruited to make up spurious accounts to boost membership numbers and attract matches. She also made the insidious claim that innocent people whose details sat in 3rd party data lists had been looped in and caught up in the resulting data dump.

Avid Life Media, in a desperate attempt to position itself as the victim, has offered a £240,000 reward for information leading to the hackers of its IT systems. If the number of class action lawsuits (five at the latest count – 4 US and 1 Canadian) is anything to go by, Avid Life might in future be trying to raise that sum rather than offer it, as more than $500 billion is already being claimed in damages, according to NBC News. On top of this, security blogger Brian Krebs has reported that leaked emails show CEO Noel Biderman hacked into the database of a competitor, Nerve.com, in 2012 to download and play with its customers’ accounts, to make non-paying customers pay and to create mythical messages between parties.

Beyond Avid Life’s own low moral stance, an unsurprising but sad repercussion has been the news that cyber criminals are now reaching out to victims, claiming to have access to the stolen data and directing them to click on spurious links that expose them to further malware threats. This is in addition to direct blackmail threats made to a number of parties, threatening to use the publicly held information to expose their identities to spouses, employers and their communities.

In a more positive regulatory twist this week, following a US appeal court ruling, the Federal Trade Commission has given the green light for a lawsuit against US hotel operator Wyndham Worldwide, which suffered three breaches in 2008 and 2009. These resulted in frauds totalling more than $10.6 million against its 619,000 customers, whose personal details and credit card information were stolen. The FTC’s legal argument is that the hotel group failed to properly safeguard consumers’ data. This augurs badly for Avid Life Media if the wind changes in the direction of corporate responsibility, as is now expected.

For privacy protection firm Privitar, commenting on the Wyndham Worldwide ruling, safeguarding data should be a key priority for organisations. Its CEO Jason du Preez commented: “This decision is further support for the notion that companies need to take the way they manage and process sensitive data more seriously.” Whilst the opportunities from big data analytics are genuine, there are real legal and ethical implications which need to be properly comprehended and interpreted. For du Preez, “…ensuring that only essential data is visible in any given process, organisations can extract essential value from data while complying with the strictest standards for data protection as it separates data utility from data identity.”

A cyber hacker is a terrorist and, like any terrorist, has no care about how many victims they hurt, or how badly. It is therefore up to every organisation to take all reasonable steps to safeguard the data it holds on behalf of 3rd parties. There is no other option in today’s society – unless you want to throw away your business and see it go under through the courts.
