Ashley Madison lets cheaters delete their profiles for free after hack
Company has an estimated 40,000 Irish users
Ashley Madison, the dating website for people seeking extramarital affairs, is temporarily allowing users to delete their accounts from the website free of charge, amid threats of legal action over a hack earlier this week that exposed members' details.
The company has an estimated 40,000 Irish users.
In its latest statement, the company said its customers’ privacy is of the "utmost concern", and that it is now offering its "full delete" option free to any member, in light of the hack.
In the past, users have had to pay to remove all records of their profile and communications activity from the website – including posted pictures and messages sent to other system users’ email boxes.
They also had to pay a fee of about €20.
Ashley Madison said this option was developed due to specific member requests for just such a service, and designed based on their feedback.
The decision to temporarily offer this service free of charge comes after Ashley Madison suffered a major cyber attack, with hackers threatening to expose the names and "secret sexual fantasies" of users unless the site is taken offline.
The hackers, which go by the name "The Impact Team", said they decided to carry out the hack because Ashley Madison's full delete feature does not in fact remove all information related to a member’s profile.
According to The Impact Team, although Ashley Madison promises “removal of site usage history and personally identifiable information from the site", credit card details – including real name and billing address – remain online.
The controversial online dating company claims to have 37.5m users worldwide, including 1.2m in the UK. It is now potentially facing a massive class-action lawsuit, if hackers publish users' information.
Privacy lawyer David Fraser told CBC News: "Regardless of the morality, privacy is about individuals being able to make choices about how their information is collected, used or disclosed."
He added that in Canada, where Ashley Madison's owner Avid Life Media is based, there is a precedent for protecting class-action participants' identities, so users of the site would not necessarily "out" themselves if they took part, but they may need to prove financial loss in order to claim damages.
However, Pulina Whitaker, at the London office of global law firm Morgan Lewis, said that In the UK, the misuse of private information is now deemed to be a "tort" which is actionable even if an individual has not suffered a financial loss.
"Although undecided at present, there is scope to argue that damages should be payable under the Data Protection Act even if no actual financial loss has been suffered. A claim for distress arising because of the leaking of sensitive information is likely to fall within this type of non-pecuniary loss," she said.
On the question of whether Ashley Madison did actually remove all the details of users who completed a full delete, she added: "It is likely, if existing EU data protection rules apply, that claims could arise for breach of individuals’ rights to have their personal data deleted as well as breaches of obligations on organisations to protect against unlawful hacking of their personal data."
Ashley Madison said that it is working with law enforcement agencies to investigate the incident, and all personally identifiable information has now been removed, under the Digital Millennium Copyright Act.
"Any and all parties responsible for this act of cyber–terrorism will be held responsible," the company said.