Ashley Madison Settles Data Breach Allegations For $11.2M
By Melissa Daniels
Law360, Los Angeles (July 14, 2017, 8:31 PM EDT) — The parent company of online dating website Ashley Madison reached an $11.2 million deal with users following a data breach of the network that leaked personal information, according to a proposed settlement filed in the Missouri-based multidistrict litigation on Friday.
The MDL joined suits filed against the adultery hub after the widespread leak of personal and financial information of around 37 million users in the summer of 2015. The plaintiffs and Ruby Life Inc., the parent company of Ashley Madison formerly known as Avid Dating Life Inc., confirmed the settlement in a joint statement issued Friday.
“While Ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of Ruby and its customers,” the company said.
Since the leak, Ruby has enhanced measures to protect its users’ data, it said.
Multiple suits were filed against Avid in the wake of the leak alleging that Avid failed to secure their confidential information. The suits said Avid falsely advertised a “full delete removal” service that didn’t actually purge user account information from the website’s database, and used artificial intelligence to fool men into believing they were interacting with women when they were in fact chatting with “bots.”
The MDL was created in December 2015. Claims in the operative complaint include violations of the Racketeer Influenced and Corrupt Organizations Act, the Federal Stored Communications Act, negligence, breach of implied contract and other various state consumer fraud, protection and record acts as well as data breach notification statutes.
The following summer, the company pushed for arbitration, and though settlement talks began in September, the parties were unable to reach a deal by the end of the year.
At the same time, the Federal Trade Commission had worked with 13 states to resolve similar claims and reached a $17.5 million settlement — but the deal yielded a $1.657 million payment from Avid based on the company’s ability to pay, according to court documents.
The parties picked up settlement talks with the company again and, with assistance from retired U.S. District Court Judge Layn Phillips, they reached a settlement in principle by April of this year, according to court records.
The settlement funds will be available to reimburse customers who paid for “full delete” services, reimbursements for credits on the website they may have pre-purchased and any losses caused by the data breach of up to $2,000. Class members will be able to receive a maximum of $3,500 each, according to settlement documents.
The proposed settlement doesn’t give an estimated number of claims that will be filed but says there are millions of potential class members who had their data released in the breach or made payments to Ashley Madison that could seek reimbursement.
The motion seeking preliminary approval says that while the plaintiffs believe they have a strong case, their success in further litigation is far from certain given the outstanding motion for arbitration and the potential for the defendants to challenge the plaintiffs’ standing under the U.S. Supreme Court’s landmark Spokeo decision — as well as financial uncertainty.
“Perhaps as importantly, should plaintiffs and the class proceed through further years of litigation to prevail at trial and on appeal and obtain a judgment significantly greater than $11.2 million, there remains a significant likelihood that plaintiffs would never be able to recover that judgment from defendants,” the motion said.
The proposed notice program to reach potential class members will involve notices in People magazine, Sports Illustrated and more than 11 million targeted digital banner ads.
If the deal is approved, class counsel will file a motion for attorneys’ fees of up to one-third of the total value of the settlement fund, as well as expenses and class representative awards.
In the joint statement, Ruby said that the personal information published after the hack may have included account information that didn’t belong to actual users.
“Account credentials were not verified for accuracy during this timeframe and accounts may have been created using other individuals’ information,” the statement said. “Therefore, Ruby wishes to clarify that merely because a person’s name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison.”
The plaintiffs are represented by interim co-lead counsel John J. Driscoll, Christopher J. Quinn and Gregory G. Pals of The Driscoll Law Firm and W. Lewis Garrison Jr., Christopher B. Hood, Taylor C. Bartlett and James F. McDonough III of Heninger Garrison Davis LLC. The plaintiffs’ interim liaison counsel includes Douglas P. Dowd, William T. Dowd and Alex R. Lamaghi of Dowd & Dowd PC. The plaintiffs’ interim executive committee includes John Arthur Eaves Jr. of John Arthur Eaves, Attorneys at Law, Gary F. Lynch and Jamisen A. Etzel of Carlson Lynch Sweet & Kilpela LLP, Thomas A. Zimmerman Jr. of Zimmerman Law Offices PC, Julian A. Hammond, Ari Cherniak and Polina Pecherskaya Hammondlaw PC and Katrina Carroll and Kyle Alan Shamberg of Lite DePalma Greenberg.
Defendant Noel Biderman is represented by William S. Ohlemeyer, Christopher M. Green and Ian M. Dumain of Boies Schiller Flexner LLP.
Avid Dating Life Inc. and Avid Life Media Inc. are represented by Robert A. Atkins and Yahonnes Cleary of Paul Weiss Rifkind Wharton & Garrison LLPand Richard P. Cassetta and Helen Looney of Bryan Cave LLP.
The case is In Re: Ashley Madison Customer Data Security Breach Litigation, case number 4:15-md-02669 in the U.S. District Court for the Eastern District of Missouri.