In August, 2015, a class action lawsuit was filed against AshleyMadison.com, a popular Canadian website that facilitates extramarital affairs. This is after a breach of the site’s data systems exposed the personal information of about 39 million current and former users.
After obtaining the data, the hackers demanded that Avid Life Media, the website’s parent company which also owns Cougar Life and Established Men, shut down the controversial website.
When Avid Life refused to comply with the request, the information was made public. Victims of the breach faced issues with identity theft. As well as fallout from friends and family members who discovered they were users of the site..
The original class action, filed by two Canadian law firms, sought to recover $578 million in damages against Avid Life Media. This lawsuit, along with four other class action suits, were centralized in St. Louis, MS, in December, 2015. The cases being consolidated stem from Alabama, Missouri, Illinois, California and Texas. There are still 13 related actions pending in eight different districts. These were not included in the consolidation at this time.
The plaintiffs may have an uphill battle now that their cases have been consolidated in the eighth circuit. As an important precedent in the seventh circuit may have been lost for the plaintiffs. The Remijas v. Neiman Marcus case, litigated in the seventh circuit, established that consumer data breach victims had Article III standing to pursue a class action – even without money damages from fraud or identity theft. With the eighth circuit court not being bound to this precedent, the standing of plaintiffs who did not suffer monetary damages may also be at risk.
The original class action filed in St. Louis was brought by a woman against Ashley Madison. It was for charging her and other users $19 to supposedly delete her personal information from the site after she disabled her account. After the breach, many AshleyMadison users found out that this information was not actually deleted. Thus forming the basis for the fraud claims against the site. Other claims by plaintiffs include claims for negligence and breach of contract in allowing the data breach.
In another twist for the unfolding case, many plaintiffs have filed suit under the pseudonym “John Doe”. The defendants are seeking to force the plaintiffs to reveal their true identities and refile their cases. The plaintiff’s lawyers have responded by saying this would be a severe breach of privacy.
No ruling has been made yet on this issue..