Ashley Madison parent in US$11.2m settlement over data breach

[NEW YORK] The owner of the Ashley Madison adultery website said on Friday it will pay US$11.2 million to settle US litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.

Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St Louis.

Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan "Life is short. Have an affair." But the breach cost privately held Ruby more than a quarter of its revenue, and prompted the Toronto-based company to spend millions of dollars to improve security and user privacy.

Last December, Ruby agreed to pay US$1.66 million to settle a probe by the US Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.

According to Friday's settlement, users with valid claims can recoup up to US$3,500 depending on how well they can document their losses attributable to the breach.

Layn Phillips, a former federal judge who mediated the settlement, said in a court filing that the accord offered "a valuable recovery for the class in the face of many obstacles," including Ruby's preference that victims arbitrate their claims.

Lawyers for Ashley Madison users may receive up to one-third of the US$11.2 million payout to cover legal fees, court papers show.

The case is In re: Ashley Madison Customer Data Security Breach Litigation, US District Court, Eastern District of Missouri, No 15-md-02669.

REUTERS