Ashley Madison Fallout: Investigations, Lawsuits, Lessons - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
08:05 AM
Larry Loeb
Larry Loeb

Ashley Madison Fallout: Investigations, Lawsuits, Lessons

The fallout from the Ashley Madison breach continues, offering some surprise lessons for CIOs and IT professionals on how to respond to a very public event.

7 Hot Advances In Email Security
7 Hot Advances In Email Security
(Click image for larger view and slideshow.)

The consequences of the Ashley Madison breach continue this week, with law enforcement inquiries and lawsuits starting to pile up for the website, which is known for promoting extramarital affairs, and for its parent company, Avid Life Media.

The incident offers important lessons for CIOs on how to deal with a massively public breach event.

First, try to find out who caused it. See if someone will turn in the culprit or culprits.

Toronto-based Avid Life Media has announced a reward of $500,000 Canadian (US $376,000) for information leading to the identification, arrest, and prosecution of the person or persons responsible for the breach.

If nothing else, it's a start.

Avid's statement also talked about the ongoing investigations.

"The 'Project Unicorn' law enforcement task force members that appeared in Toronto today, led by the Toronto Police Services (TPS), and accompanied by the U.S. Department of Homeland Security, the Ontario Provincial Police, the Royal Canadian Mounted Police, and the U.S. Federal Bureau of Investigation, have been actively investigating all aspects of this crime for more than a month," according to the company's Aug. 24 statement. "As TPS indicated at today's press event, the investigation is progressing in a 'positive direction,' but more help is needed from the outside."

Avid is following the damage control playbook here by publicly showing its efforts to minimize consequences of the breach. If the hackers are arrested and charged, no further disclosures will occur.

(Image: tzahiV/iStockphoto)

(Image: tzahiV/iStockphoto)

Avid also addressed customer concerns about financial information stolen from the site in a statement. "No current or past members' full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false. Avid Life Media has never stored members' full credit card numbers," according to the company's Aug. 19 statement.

Here, the company is trying to get upstream of user fears by denying reports from others that may be out there. Avoiding the perception of a problem is also crucial to an effective damage control strategy.

In a situation like this, some people will have their own opinions on it. Noted security guru John McAfee, who has had his fair share of controversial episodes, believes that the Ashley Madison hack was an inside job.

McAfee went a step further and said that it may have been a female employee, but his rationale is somewhat thin on that.

[Read about what CIOs need to know about security.]

"How did I come to this conclusion? Very simply. I have spent my entire career in the analysis of cybersecurity breaches, and can recognize an inside job 100% of the time if given sufficient data -- and 40GB is more than sufficient," McAfee wrote in the International Business Times on Aug. 24. "I have also practiced social engineering since the word was first invented and I can very quickly identify gender if given enough emotionally charged words from an individual. The perpetrator's two manifestos provided that."

Interestingly, there have been no comments from Avid Life Media about McAfee's thoughts. That may mean that it is also using one of the basic damage control tactics: Keep an open mind.

By considering all possible scenarios, institutional biases that may blind you may be avoided in the pursuit of a resolution.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
User Rank: Ninja
8/27/2015 | 8:16:50 AM
Getting Attention
I think the nature of this site is important in this case and it helps keep the story alive.  This is good because it bring attention to how much data was lost and the sensitivity of that data.  When Target loses a credit card info people don't wonder who was shopping at Target but when a controversial site loses data people watch the drama.  They may not have been in a position to have their information compromised but the drama around the site makes them think about the larger issues when your information is stolen.  As a side note I think it's interesting to see not only that the data was stolen but AM's business model is being exposed to some extent as it made money "hiding" former customers and had thousands of fake profiles to make the site look successful. 
<<   <   Page 2 / 2
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll