Hacked Ashley Madison users getting $11.2 million settlement

ST. LOUIS — A federal judge has approved an $11.2 million settlement between the website Ashley Madison and users who sued after hackers released personal information, including financial data and details of their sexual proclivities.

U.S. District Judge John Ross in St. Louis gave preliminary approval on Friday to a class action settlement that was initially announced last week by Toronto-based Ruby Corp., the parent company of Ashley Madison, a website marketing itself as a place to have affairs. Lawsuits from around the country were consolidated in the Eastern District of Missouri.

A final approval hearing is scheduled for Nov. 20.

Douglas Dowd, an attorney representing users of the website, called the settlement "fair and reasonable" for both sides. Robert Atkins, the lead attorney for Ruby Corp., declined comment after the hearing.

The lawsuits were filed after hackers outed millions of people who used the website two years ago. The suits said Ashley Madison misled consumers about its security measures and safeguards.

The company denied wrongdoing but said in a statement that it settled to "avoid the uncertainty, expense, and inconvenience associated with continued litigation."

Ashley Madison, whose slogan is "Life is short. Have an affair," at one time claimed to have about 39 million members.

The case is unique in that many website users not only want to remain anonymous but registered using false names, said James McDonough III, an attorney for the users. As a result, those eligible for the settlement won't be contacted directly. Instead, lawyers will reach out to those who could benefit via magazine and web ads.

Ross agreed with that plan. "There's just no way to give direct notice to class members," he said.

McDonough said there is no estimate on how many people will seek part of the settlement money, which could range from as little as $19 for those victimized by the hack up to $2,000 for those who were victims of identity theft because of the hack.

Ashley Madison's systems were hacked in July 2015. Hackers posted the details a month later after the company didn't comply with their demands to shut down. The release of evidence of infidelity triggered extortion crimes and unconfirmed reports of suicides.

In December, Ruby Corp. agreed to pay $1.6 million in settlements with the U.S. Federal Trade Commission over the data breach. Thirteen states and the District of Columbia joined the Federal Trade Commission in the investigation that found lax data security practices. The investigation also found Ashley Madison created fake female profiles to entice male users.

In addition to monetary penalties to the FTC, Ruby agreed in December to end certain deceptive practices, to not create fake profiles and to develop a stronger data security program.

The company has said that since the initial hack it has implemented several measures to make customer data more secure.
