It’s become as routine as the robbery of the corner liquor store.
Name-brand companies, trusted by millions, hit with massive data breaches that compromise their customers’ and/or employees’ most sensitive financial and personal information.
Among those companies:
- Target
- Kmart
- Home Depot
- JPMorgan/Chase
- Staples
- Dairy Queen
- Anthem, Inc.
- Sony Pictures
- Primera Blue Cross
- U.S. Postal Service
Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com
And as of July 15, Ashley Madison joined this list.
Ashley Madison is, of course, the notorious website for cheating wives and husbands.
Launched in 2001, its catchy slogan is: “Life is short. Have an affair.”
One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt. Next to her was the caption: “Join FREE & change your life today. Guaranteed!”
Ashley Madison claims to have more than 37 million members.
Calling themselves “The Impact Team,” hackers appear to be enraged at the company’s “full delete” service, which promises to completely erase a user’s profile and all associated data for a $19 fee.
“Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014,” the hackers were quoted as saying in an online manifesto. “It’s also a complete lie.
“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”
On July 20, Avid Life Media defended the service, and said it would make it free.
The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.
“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.
“Shutting down AM and EM will cost you, but non-compliance will cost you more.”
The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
Interestingly, the hackers did not target the company’s “CougarLife” website, which caters to female members seeking “a young stud.”
Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:
“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”
This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”
It’s almost comical, except for the fact that the marriages of millions of people are likely to be threatened by the release of such information.
And it raises the question: Why wasn’t this “top IT security team” hired at the outset?
A website offering cheating services to those wealthy enough to afford high-priced fees is an obvious target for hackers. After all, its database is a blackmailer’s dream-come-true.
This latest breach comes about two months after a similar dating site, Adult FriendFinder–with an estimated 64 million members–was hit with a similar attack.
Again, it was clear that a site like this would be a prime target for those seeking information for blackmail. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.
“Without question, this is incredibly valuable information,” said J.J. Thompson, founder and chief executive of Rook Security, an IT security firm.
“[Ashley Madison’s customers] are now vulnerable to a significant secret.”
As usual when a corporation’s data breach occurs, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.
“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”
Brave-sounding words. But if the hackers make good on their threat, many prominent men in business and politics may soon find themselves facing expensive divorces.
And if that happens, at least some of them may well decide to take out their anger and embarrassment on the websits that assured them that the highly private information they shared was “100% secure.”
That could set a precedent for lawsuits by other victims of such data breaches. Which, in turn, could force profit-obsessed corporations to responsibly protect the highly sensitive information entrusted to them.
There is an important lesson to be learned from this latest disaster.
“Stuff that’s online is pretty much not private, no matter what you might hope or think or wish for,” said Geoff Webb, senior director of solution strategy for security management firm NetIQ.
Old records, like transactions and account details, remain in company databases long after you’ve deleted an account, he said, because the company needs them for tax and other business purposes.
“There used to be an old saying that everybody ends up naked on the Internet at some point,” said Webb.
Although that was meant figuratively, patrons of websites like Ashley Madison could soon find it applying literally.
Bureaucracybuster's Blog 
ABC NEWS, ADULTERY, AIRLINES, ANTHEM INC., ASHLEY MADISON, BUSINESS, CBS NEWS, CHINA, CNN, COMPUTER SECURITY, CREDIT CARDS, CYBERSECURITY, DAIRY QUEEN, FACEBOOK, HACKING, JOHN HERING, JPMORGAN/CHASE, LILY TOMLIN, LOOKOUT, LUGGAGE THEFTS, MA BELL, NBC NEWS, ROWAN & MARTIN'S LAUGH-IN, SOCIAL SECURITY, STAPLES, TARGET, THE CHICAGO SUN-TIMES, THE CHICAGO TRIBUNE, THE LOS ANGELES TIMES, THE NEW YORK TIMES, THE WALL STREET JOURNAL, THE WASHINGTON POST, TWITTER, USA TODAY
THE GOOD NEWS IN THE ASHLEY MADISON SCANDAL
In Bureaucracy, Business, Law Enforcement, Social commentary on August 26, 2015 at 9:50 amIt’s the nightmare-come-true for corporate America.
Name-brand companies, trusted by millions, hit with massive data breaches.
And with a series of keystrokes, the most sensitive financial and personal information of their employees and/or customers is compromised.
Among those companies:
Click here: Data Breach Tracker: All the Major Companies That Have Been Hacked | Money.com
And as of July 15, Ashley Madison joined this list.
Ashley Madison is, of course, the notorious website for cheating wives and husbands.
Launched in 2001, its catchy slogan is: “Life is short. Have an affair.”
One of its ads featured a photo of a woman apparently kneeling at the feet of a bare-chested man, her hand passionately clawing at his belt. Next to her was the caption: “Join FREE & change your life today. Guaranteed!”
Ashley Madison claims to have more than 37 million members. And now, untold numbers of them may find their lives changed forever.
Its hackers were enraged at the company’s refusal to fully delete users’ profiles unless it received a $19 fee.
Referring to themselves as “The Impact Team,” they stated in an online manifesto: “Full Delete netted [Avid Life Media, the parent company of Ashley Madison] $1.7 million in revenue in 2014. It’s also a complete lie.
“Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed.”
On July 20, Avid Life Media defended the service, and said it would make it free.
The hackers demanded: “AM [Ashley Madison] AND EM [Established Men] MUST SHUT DOWN IMMEDIATELY PERMANENTLY.
“We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails.
“Shutting down AM and EM will cost you, but non-compliance will cost you more.”
The hackers threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
Avid Life Media assured its customers that it had hired “one of the world’s top IT security teams” to work on the breach:
“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.”
This statement gives new meaning to the phrase, “Closing the barn door after the cow has gotten out.”
And it raises the question: Why wasn’t this “top IT security team” hired at the outset?
After all, its database is a blackmailer’s dream-come-true. Yet apparently its owners didn’t care enough about the privacy of their customers to provide adequate security.
On August 18, the hackers began releasing their pirated information.
As usual during a corporation’s data breach, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.
“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”
Eight of those customers (so far) have decided to hold Ashley Madison responsible. They have filed lawsuits against the company in California, Georgia, Minnesota, Missouri, Tennessee and Texas.
They seek class-action status to represent Ashley Madison’s 37 million users.
The lawsuits claim negligence, breach of contract and privacy violations. They charge that Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid the $19 fee to have their information deleted.
If they win–and force the owners of Ashley Madison to pay up big-time–this could set a precedent for lawsuits by other victims of such data breaches.
An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”
And the answer is clearly: No.
Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”
Click here: Cybersecurity: Does corporate America really care?
“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”
Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:
“Sales figures and new products are top of mind,” writes Hering. “Shoring up IT systems aren’t.”
The key to sharply reducing data breaches lies in holding greed-obsessed CEOs financially accountable for their criminal negligence.
Only then will their mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”
Share this: