“Life is short. Have an affair,” Ashley Madison, a Canadian adultery site, says. As the “most famous name in infidelity and married dating,” the adult site boasts 38.2 million anonymous members in 48 countries, but after a July 19 hack, those members’ identities, addresses, nude photos, sexual fantasies, and other personal information are at risk.On Twitter, the Impact Team claimed responsibility for the attack, saying that Ashley Madison and Established Men need to be permanently shut down, and they’d release private information if the Avid Life Media (ALM), the owner of Ashley Madison, CougarLife.com and EstablishedMen.com, didn’t comply.Here’s the tweet from Thadeus Zu (@deuszu):

The Impact Team alleges that Ashley Madison does not delete customer information, even when customers pay a $19 fee to do so, said The Globe and Mail, and in 2014, ALM netted $1.7 million in revenue from that feature.In a July 20 statement, ALM responded that the full delete option permanently deletes a user’s profile and removes pictures and all messages sent to other members’ email boxes. The company has now made it free to allow users to delete their online profiles and personally identifying information.A portion of the statement reads: “We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”This attack comes two months after the hacking of AdultFriendFinder, another adult hook-up site, said Brian Krebs of Krebs on Security, who broke the Ashley Madison story.Insider Take:Morality issues of adultery aside, the attack on Ashley Madison goes beyond the potential financial risk of releasing credit card information. Instead, the hack was an unacceptable breach of private customer data with the potential to ruin the lives of individuals and families.Regardless of any additional security measures to close potential access points to its systems, Ashley Madison will take a big hit, even if private data is not publicly released. It has lost some credibility, and we anticipate a mass exodus of members who don’t think the site or the data breach is worth the risk. Ashley Madison might even choose to – or have to – shut down.Though a sad situation, there are important lessons for subscription companies to learn here:
- Provide subscribers and members with state-of-the-art, secure technology that ensures their information remains private, regardless of the nature of that information.
- Back up your claims with solid follow-through. If you tell subscribers that you are fully deleting their information when they cancel their accounts, follow-through on that promise and spot check your systems and databases to ensure that process is error free.
- When hacked or otherwise attacked, act swiftly and transparently. Apologize to your subscribers, and be open about the problem, how it occurred and what you’re going to do to fix it.
- Provide additional customer service to reassure subscribers that their data is secure and what you’re doing to prevent this from happening in the future.