The parent company of adultery website Ashley Madison has agreed to pay $11.2m (£8.55m) to settle a USA class-action lawsuit over the massive July 2015 data breach that saw the personal details, including credit card details, home addresses and email accounts of millions of users from across the globe, published online.
Ruby Corporation, formerly known as Avid Life Media denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a United States federal judge.
Touting the motto, “Life is short”.
Last December, Ruby agreed to pay $1.66 million to settle a probe by the U.S. Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.
The proposed settlement enables users to submit claims up to a maximum of $3,500 per person – though the amount recovered will depend on factors like whether the users suffered identity theft as a result of the data breach. As a result, users say they were unable to protect themselves, suffering financially loss and other harm.
In a statement released Friday, Ruby said that a proposed settlement had been reached resolving a number of lawsuits related to the breach. It claims that the account credentials were not verified for accuracy and some may have been created using other individuals’ information.
The group of hackers, called Impact Team, said they stole the information of 37 million members of Ashley Madison.
The company also notes that since the July 2015 breach it has implemented numerous remedial measures to enhance the security of its customers’ data, such as requiring mandatory security training for employees, provide the full delete service for no charge, and completed a comprehensive third-party review of protections now in place.