Toronto, ONThere is little doubt that as far as data breaches go, this week will go down as The Week Time Stood Still, and not just for the 37 million worldwide subscribers to the cheating website Ashley Madison, which was hacked through the back door of its parent company, Avid Life Media (ALM), sometime before Monday. Consumers of Ashley Madison’s equally frisky online cousins, Cougar Life and Established Men, will also be wondering if their secrets are safe. And anyone who has used the photo service CVS in tandem with Walmart Canada, Costco Canada, Rite Aid and others will also be a bit nervous after hacks were announced this week.
Oh hell, we’re all worried. And we have a right to be. As more global commerce is conducted online, we have become desensitized to the interconnectivity of it all. We marvel at the technological savvy that allows us to log in to the office from home or from our phone. We can send e-mails, text messages and photos from anywhere, and to anywhere. And can turn up the air conditioning and start the coffee percolating from our tablets. And we buy stuff from online vendors with our credit cards and personal identification at the drop of a hat.
Oh it’s just so easy. And of course it’s safe. We don’t have to worry about our most personal information, our real birth dates, our sexual fantasies getting out there, embarrassing us in front of our employers and the dear soul who passes the collection plate at church. They have people for that…
Right?
Not on your avid life. If ALM, the company that runs Ashley Madison and its affiliated hookup sites, can’t keep a lid on your most sordid and alluring secrets - and can’t prevent a related hookup of sexual fantasy to your real name, address and Social Security number - then, well, no one is safe.
You think pharmaceutical lawsuits are the big players? Think again. Data breaches affect everybody. And when everybody starts suing everybody over data breaches and hacks that affect absolutely everyone regardless of age, status or income level - well, this is a good time to get into the lawyering profession.
The breaches that impacted CVS Health Inc. and its partners Walmart Canada, Costco Canada and Costco Wholesale, Sam’s Club, Rite Aid, and Tesco (a British supermarket chain) stemmed from a relationship they all have with PNI Digital Media (PNI), an enterprise based in Vancouver that hosts and/or manages photo services. Reuters (7/21/15) reported on Tuesday that PNI is owned by Staples Inc. after the latter purchased PNI last year.
Staples, by the way, suffered its own online hack a year ago, according to the New York Times (7/17/15). Reuters reported that according to Costco Canada and Rite Aid, PNI has limited access to customer information since it doesn’t itself process credit cards. But that’s not to say it doesn’t have names and addresses. And the New York Times reported that according to statements made by CVS and Walmart Canada as recently as a week ago, credit card information may indeed have been leaked. Thus, the various partners doing business with PNI have taken down their photo service sites as a precaution.
And then there’s Ashley Madison, the cheating site that itself has been cheated upon - not by carousing corporate partners on the prowl for a little more action, but by hackers who reportedly took exception to ALM’s claim that for a small fee, clients can completely erase their profiles at will.
Sign up, sleep around, then have second thoughts? Or sign up, have an epiphany and chicken out? Have no fear, for nineteen bucks you’re outta there.
But no. There’s always a but (or a “butt,” if you’re paying attention…).
Krebs on Security described the hackers as taking offense to Ashley Madison’s promotion of a "full delete" feature capable of removing site usage history and personally identifiable information when, in actual fact - according to the hackers, anyway - purchase details including client names and addresses were not actually scrubbed.
Oh, that’s just swell.
The hackers responsible for the ALM hack, who call themselves The Impact Team, have certainly made an impact with their threats to release client records, “including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
It’s blackmail, in a way, in that The Impact Team wants Ashley Madison and Established Men taken down (interestingly, the team seems to be okay with Cougar Life - discuss amongst yourselves…).
Noel Biderman, ALM’s chief executive, reportedly suggested to Krebs on Security that the data breach might have been perpetrated by someone who had access to the company’s network, such as a former employee or contractor. ALM released a statement this past Monday morning (7/20/15), saying the breach is being investigated. “At this time, we have been able to secure our sites, and close the unauthorized access points,” ALM’s statement said. “We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible.”
It is assumed that some 37 million partners of those who use or have used Ashley Madison or Established Men will also be held responsible for their respective decisions to access unauthorized access points of their own…
It is said that what you give out, comes back. The fact that Ashley Madison got screwed notwithstanding, the data breaches this week suggest to us all that we need to be mighty careful about anything and everything we put online. There are no secrets.
If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to an internet/technology lawyer who may evaluate your Data Breach claim at no cost or obligation.