Skip to main content

Privacy Monday - July 20, 2015: Hack Attack on Adultery Site Ashley Madison

It's Monday!   Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week.

1.    The Site that Promises "Discreet Encounters" Hacked -- Karma?

If you have not heard the provocative ad campaign launched by a site called AshleyMadison, it may surprise you to know that a self-described site dedicated to "infidelity and married dating" has over 37 million members.  Then again, maybe not.  In any event, the site that bluntly declares "Life is short.  Have an affair." has apparently been hacked, according to Krebs on Security.   A group calling itself "The Impact Team" claims to have gained access to the databases of Avid Life Media (ALM), the company running AshleyMadison.   The booty The Impact Team allegedly possesses includes payment and personal information of the nearly 37 million members of AshleyMadison -- most of whom presumably would desperately want to remain anonymous -- as well as internal business information and network and technology mapping of ALM.

The Impact Team's demand is aimed straight at ALM's business and demands that either ALM take AshleyMadison and its other site Established Men  ("Connecting young beautiful women with interesting men") offline, or the data dump will be made public.  "Too bad for those men, they’re cheating dirtbags and deserve no such discretion," the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver ... And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people."    According to ALM, they are working with law enforcement to track and shut down the hackers.

Until then, there are a lot of nervous cheaters out there today .....

Read more:

Mashable

Wired

2.  Another High Profile Healthcare Data Breach 

UCLA Health System reports that a criminal hack attack could have accessed the health information of as many as 4.5 million patients.  According to the public statement and notices made by the provider, an intruder apparently gained access to its computer system and activity was tracked to a part of the network where unencrypted patient information was stored.  Although UCLA Health does not have any information that leads it to believe that such information was stolen, because the records were not encrypted, patients were notified out of the ubiquitous "abundance of caution."   Suspicious activity was apparently discovered by the health system back in October 2014 but the access was not discovered until May 2015 as part of the ongoing investigation.   The Los Angeles Times has published an FAQ regarding the hack.

The takeaway:  If encryption of information "in transit" is a prophylactic against theft, then encryption of sensitive records "at rest" is an insurance policy -- it is less expensive than providing notice and credit monitoring and certainly more protective of your company's reputation.  

3.   The FCC Issues Long-Awaited Autodialer Order

The Federal Communication Commission has released its long-awaited "omnibus" Declaratory Ruling and Order clarifying certain provisions of the Telephone Consumer Protection Act of 1981 ("TCPA").     In the Order, the FCC responded to 21 petitions by a number of companies and trade associations seeing relief or clarification regarding requirements of the TCPA, particularly with respect to so-called "autodialers."   Mintz Levin's Communications group has published a client alert analyzing the provisions of the Order.   Read it here.

 

 

 

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.