We all remember last year's hype surrounding the Ashley Madison dating site's data breach. Hackers exposed identifying information about millions of users of the site that has the tagline, "Life is short. Have an affair."
Then came the lawyers smelling blood in the water—filing proposed class-action suits targeting the cheating site's not-so-perfect "Full Delete" option that was supposed to, and didn't, remove all identifying information from the service for a $19 fee per user. Then it surfaced that the site perhaps made phony profiles of women to attract more men to the site.
The massive litigation has been co-mingled in Missouri, and there are some interesting elements at play. For starters, the judge presiding over the case says that if you want to be a named plaintiff in the litigation, you can't use a pseudonym like "John Doe," and instead you have to use your real name. The judge, in agreeing with Ashley Madison's owners, ruled that only in extraordinary circumstances may civil litigation proceed under fake names, like in cases such as sex crimes and suits about juveniles.
"The disclosure of Plaintiffs' identities could expose their sensitive personal and financial information—information stolen from Avid when its computer systems were hacked—to public scrutiny and exacerbate the privacy violations underlying their lawsuit," US District Judge John Ross ruled (PDF) earlier this month. "At the same time, there is a compelling public interest in open court proceedings, particularly in the context of a class action, where a plaintiff seeks to represent a class of consumers who have a personal stake in the case and a heightened interest in knowing who purports to represent their interests in the litigation." Days ago, a "John Doe" plaintiff removed (PDF) himself from the case.
The judge has given the class, so far using unnamed plaintiffs, until June 3 to lodge their official class-action complaint and to allow those suing to determine whether they wish to be named plaintiffs or drop out. The advantages of being a named plaintiff are largely monetary. Those named in class-action cases are usually rewarded with tens of thousands of dollars in a settlement. However, data breach cases traditionally bring little financial reward to class members, yet they give large payouts to prevailing plaintiffs' attorneys.
There's also a big wrinkle that could affect the upcoming class-action filing. Attorneys want to use confidential communications between Ashley Madison executives and their attorneys as part of their lawsuit in a bid to establish that the company made fake female profiles to induce people to become one of the site's 39 million members. Obviously, Avid Life Media, the site's operator, is opposed. Plaintiffs' lawyers say the data is not protected by attorney-client privilege and can be part of the case because of the "crime-fraud" exception. That exception means that a client and their attorney's back-and-forth communications are not protected if the communications were made "with the intention of committing or covering up a crime or fraud." The plaintiffs' lawyers noted a story in Gizmodo citing the hacked data in which Avid Life attorneys are discussing "fictitious" profiles on the Ashley Madison site.
Judge Ross has not ruled on the request but is expected to do so before the June 3 filing deadline.
reader comments
39