The names, email addresses and sexual fantasies of millions of Ashley Madison users were revealed after hackers accessed and posted the information online.
Since then, there have been numerous hate crimes, attempts to extort people and two apparent suicides.
What is Ashley Madison?
Ashley Madison is a dating website for those who are married or otherwise in committed relationships, and seeking affairs with others in similar situations. The site boasts the slogan “Life is short. Have an affair.”
A group of hackers, known as Impact Team, managed to access the Ashley Madison servers and distributed the contents. Canadian police have called their conduct “criminal” with Toronto Police Service’s Sergeant stating
“We’re talking about families, we’re talking about their children, we’re talking about their wives, we’re talking about their male partners. Can you imagine going home and people talking at the dinner table?”
The company that owns the site, Avid Life Media (ALM), are offering a US$500, 000 (AUD$523, 058) reward for information leading to the arrest and conviction of the people responsible for the breach.
What Was Leaked?
Email addresses, first and last names, credit card information and profiles of Ashley Madison users were all leaked by Impact Team.
There were over 800 Australian government email addresses, both state and federal. Among them were email addresses linked to Defence, Education and the NSW Attorney-General’s department.
One man, who remained anonymous, told an AAP reporter that his email had been stolen and used to create a fake Ashley Madison account.
Either way, there have been reports of extortion attempts, with some users being asked to fork out US$226 to keep their secret hidden.
Hacking as a Crime
Canada, like Australia, has ratified the 2001 Convention on Cybercrime, which covers a broad range of computer crimes.
This covers compromising the confidentiality, integrity and availability of data. That is: pretty much everything the Ashley Madison hackers did.
In NSW, s308H of the Crimes Act makes it an offence to access data without being authorised. This can include stealing or even just viewing another’s personal information by intentionally bypassing security systems.
If it had occurred in NSW, the conduct of Impact Team members could certainly amount to an offence under this section, exposing each of them to a maximum penalty of 2 years imprisonment.
But of course, a person must be identified before they can be charged with a criminal offence; which is proving to be a challenge for investigators.
What Can Ashley Madison Users Do?
Information technology experts have advised that at the end of the day, there’s not much that Ashley Madison users can do to stop their information from being distributed over the internet.
Some of those affected in the US have attempted to use copyright laws to have their information removed from blog posts, tweets and newspaper articles. But since the data was originally dumped on the dark web, there is little prospect of having the 9.7GB of posted data removed.
And in any event, it is likely that their data has already been downloaded by hundreds (if not thousands) of people – so the proverbial genie is out of the bottle.
In the US, a class action has been launched against Avid Life Media, the company that owns the Ashley Madison site for emotional distress.
What About Australia?
There is no cause of action in Australia for emotional distress caused by an invasion of privacy. Indeed, privacy laws here are remarkably lax and causes of action are limited.
With so many skilled hackers around, perhaps the best advice to come out of the Ashley Madison saga is not to sign up for a site that you will be distressed or embarrassed to be linked with.