NEW YORK -- The release of the names and personal information of millions of potentially cheating spouses around the world will undoubtedly have disastrous consequences for many couples, but Ashley Madison members might think twice before suing over the website's hacking.
Those who take legal action will likely out themselves as one of the notorious website's purported 39 million members. And just like with any ordinary data breach, they would have to prove they were harmed in some way in order to collect damages.
"I'd be surprised if you get a lot of traction here," says Scott Vernick, a partner and head of the data security and privacy practice at the law firm Fox Rothschild LLP.
One month after hackers breached the computer systems of Toronto-based Avid Life Media Inc., Ashley Madison's parent company, they released a massive trove of data that they claim to be the personal details of millions of people registered with the website, whose slogan is "Life is short. Have an affair."
The hackers accuse its owners of deceit and incompetence and said the company had refused to bow to their demands to close the site. Avid Life released a statement calling the hackers criminals. It added that law enforcement in both the U.S. and Canada is investigating and declined comment beyond its statement.
The Associated Press wasn't immediately able to determine the authenticity of the leaked files, although many analysts who have scanned the data believe they are genuine.
Vernick noted that the hackers posted the information on the "dark web," a corner of the Internet that's tough for most average Web surfers to reach. But by Wednesday morning in the U.S., the information was popping up on more accessible places, including at least one website that allowed users to search the data by phone number or email address.
Regardless, Vernick says most courts have ruled that people can't sue breached companies just because they face the possibility of becoming victims of credit card fraud or identity theft. At the same time, the humiliation that could result from a person's Ashley Madison membership becoming public probably isn't a big enough deal in the eyes of the courts to allow a lawsuit to go forward, he says.
A woman from the St. Louis, Missouri, identified in court papers as "Jane Doe," filed a federal lawsuit against Avid Life just days after the breach became public, saying that she had paid the website a $19 fee to permanently delete her information. The hackers have claimed that the information of people who paid the fee never actually was deleted, citing it as one of their reasons for the attack.
"I think our prospects, (for class action status), went through the roof today. We're getting a lot of phone calls."
The woman's attorney, John Driscoll, didn't know as of Wednesday afternoon if his client's information was among the deluge released by the hackers. But he says the news has boosted interest in his lawsuit, which seeks class action status, from other Ashley Madison members.
"I think our prospects, (for class action status), went through the roof today," Driscoll says. "We're getting a lot of phone calls."
Driscoll acknowledges that those prospects probably hinge on whether the courts will allow those suing Avid Life to remain anonymous. He wouldn't speculate on how the courts might rule.
Courts typically only grant anonymity under special circumstances, such as when a child is involved, Vernick says. Potential embarrassment probably isn't enough to justify that, and such a request would likely draw strong opposition from defense lawyers, he says.