Pro-adultery dating website Ashley Madison must pay a $1.66 million penalty for a 2015 hack that exposed 36 million user accounts.
The fine, though substantial, is less than one-tenth the $17.5 million the company originally agreed to pay to settle after an investigation by the Federal Trade Commission (FTC), reports Reuters. The penalty was reduced after Ashley Madison’s parent company, Ruby Corp.—known as Avid Life Media before the hack—revealed it was unable to pay the original amount.
FTC Chairwoman Edith Ramirez said the agency wanted Ruby to “feel the pain” but not go out of business.
“I recognize that it was a far lower number frankly than I would have liked,” FTC Chairwoman Edith Ramirez told reporters. “We want them to feel the pain. We don’t want them to profit from unlawful conduct. At the same time, we are not going to seek to put a company out of business.”
Investigations in 13 states and the District of Columbia found the company negligent in protecting user data, nearly 10GB of which hackers leaked onto the internet. The hack ultimately exposed tens of thousands of users, including public officials, military personnel, and celebrities, and put some users at risk of criminal prosecution and personal reprisal.
Josh Duggar, the former director at the ultra-conservative Family Research Council and star of 19 Kids and Counting, became the highest-profile victim of the breach.