
Class-action lawsuit established in Ashley Madison data leak

Last Updated Aug 20, 2015 at 5:32 pm EST

A class-action lawsuit was established on Thursday by the law firm Charney Lawyers and Sutts, Strosberg LLP against the corporations that run the Ashley Madison dating site (Avid Dating Life Inc. and Avid Life Media Inc.).

Eliot Shore, the plaintiff, is a disabled widower who resides in Ottawa, according to the law firm. After 30 years of marriage, Shore lost his wife to breast cancer and he joined the website.

The class-action lawsuit alleges that the privacy of thousands of Canadians was breached in July. According to the law firm, users’ personal names, emails, home addresses and message history were breached.

The firm claims that, in many cases, users paid additional fees for the website to remove all of their user data. It is alleged that these users discovered their information was exposed.

The firm added that the class action is not being brought against Impact Team, the hackers who have claimed responsibility for the leak.

The class-action lawsuit still needs to be certified.

Karen Eltis, an online privacy expert and law professor at the University of Ottawa, says the cyberattack shows that employees across the country – and many who work in government – are in dire need of Internet privacy training.

“It may seem obvious but to many it’s not obvious,” she said in an interview. “The web is not the Wild, Wild West and anonymity online is illusory.”

More than 630 email addresses used to sign up on AshleyMadison.com end in gc.ca, which is the standard ending for emails used by employees of most federal government departments.

Moreover, research into the leaked files shows that 35 credit-card transactions on the site – by 10 different people – were conducted using House of Commons or Senate IP addresses.

More than 75 credit card transactions were conducted by 48 people on IP addresses linked to the Department of National Defence, the leaked files reveal.

Eltis said the hack demonstrates that employers across the country need to better train workers on how to ensure companies aren’t embarrassed – or worse, blackmailed – when this kind of data breach occurs.

“Online privacy awareness training is crucial to protect not only the employees but the employers’ reputation,” she said.

“It may not say something about the company but it’s about the perception that is attributed to the company.”

At least one government agency has already instituted mandatory Internet privacy training as a result of data breaches.

In 2014, Canada’s cryptologic agency, Communications Security Establishment, learned that the data of several of its workers had been compromised. It forced all employees to take a training course on how to protect digital information.

Prof. Teresa Scassa, another University of Ottawa law professor, said more and more employers are paying attention to training employees in a basic understanding of Internet privacy issues.

“But the flip side is that employers have the obligation to protect the personal information that they have,” she said.
“Probably none of these individuals expected this to come out as public, they made the mistake that so many of us do — to trust their personal information to a company.”

Scassa also warned that the emails used to sign up to Ashley Madison weren’t verified, meaning many of the government email addresses in the company’s system might have been used by people who did not own them.

“There does seem to be some levels of naivete from people not thinking through all the consequences (of using work emails) and learning these things the hard way.”