Ruby Corp., the parent company of the extramarital affair dating site Ashley Madison, has agreed to pay $11.2 million to end a class action lawsuit with 37 million users who had their personal data stolen by hackers and posted on the dark web in 2015.
Members who submit a valid claim form and documentation will be refunded their $19 if they purchased the $19 “Full Delete” feature.
The settlement is also worth up to $3,500 depending on how well users can document losses attributable to the data breach. Members can seek up to $500 in refunds for spending money to chat with “women” who were actually robots of fake female profiles. Victims of identity theft are eligible for up to $2,000 in compensation for losses.
The $11.2 million settlement includes $7 million for users who had their data stolen, $3.5 million in attorneys’ fees, and $500,000 in administrative costs.
Ashley Madison is still online, but now promises its users better security. The highly-profitable dating website encourages extramarital affairs with the slogan: “Life is short. Have an affair.”
In July 2015, hackers broke into Ashley Madison’s user databases and threatened to post “secret sexual fantasies and matching credit card transactions, real names and addresses” of every user unless the site was taken offline. The owner of the site refused.
Two months later, hackers dumped 9.7 gigabytes of data from 32 million Ashley Madison users on the dark web, including log-in, name, address, phone number, sexual fantasies, encrypted passwords, and credit card transactions for 7 years dating back to 2007.
The hackers said they attacked Ashley Madison because the company was tricking users into thinking they needed to pay $19 to “Full Delete” their profile — but never actually deleted the data after taking users’ money.
Ashley Madison was also accused of luring men into making purchases on the website by extensively using fake female “bots.”
Ashley Madison did not verify email addresses, so anyone could sign up with a fake email or name. Barack Obama and Tony Blair were among the fake names and emails exposed in the data dump. Even so, many men signed up with actual names and emails.