Ashley Madison facing multiple class-action suits
News that Ashley Madison is facing a national class-action lawsuit in Canada — and at least four others in the United States — highlights that businesses that operate online have to be very careful about security, says Toronto commercial litigation and class-action lawyer Brian Radnoff.
The CBC reports that two law firms have filed a class action on behalf of all Canadians who subscribed to infidelity website AshleyMadison.com. The action is being brought against Avid Dating Life Inc. and Avid Life Media Inc., the corporations that run the site, which was hacked earlier this month. The data breach saw hackers leak, among other things, personal details of millions of members of Ashley Madison.
A few days after the Canadian action was filed, Wired reported that at least four similar lawsuits have been launched in the U.S.
Radnoff, partner with Dickinson Wright, says it’s not surprising that multiple class-action suits have been brought in different jurisdictions given the breadth of the subscribers throughout North America.
“Certainly there would be a good argument that Ashley Madison had an obligation to protect its subscriber information,” he tells AdvocateDaily.com. “In addition, it is alleged the company had a service where if you paid extra, it promised to delete your information. It is alleged that they did not provide the services paid for, which if true, would be a relatively straightforward claim.”
Radnoff, who is not involved in the suit and makes his comments generally, says there are two primary types of claims that can be made, negligence and breach of contract, and there are likely other related tort claims relating to privacy issues.
He says if a company operates on the Internet and takes people’s personal information, it has an obligation to protect that information.
“This really underlines that businesses that operate over the Internet have to be very mindful about their security,” he says. “A company has to take measures to try and protect against cyber-attacks. It’s difficult because clever people can get around some of the best security. However, it’s important for any business that operates on this level to invest in security. Unless the business can demonstrate it did everything that was reasonable to do, there’s a good chance it could be liable.”
He notes this is a similar situation to Target, which experienced an online attack involving confidential customer data in 2013. Earlier this year, Target settled its class-action suit to the tune of $10 million.
Radnoff says the next step for the Canadian class action is a certification motion. He says these motions are not normally heard for months, if not years.
“It’s quite an involved motion,” he says. “Essentially it’s a motion for the court to approve the class action proceeding and, if approved, it proceeds as an action in the normal course. Unless there is some sort of settlement, given the way class actions work it could take years before this is resolved.”