Hackers called the "Impact Team" have obtained 37 million personal records from customer data held by Ashley Madison, an infidelity website owned by Canadian based Company: Avid Life Media. This data includes alleged names, addresses, photographs and credit cards details of Ashley Madison's customers.
The customer's information held by Avid Life Media was sensitive and personal data. Therefore, in respect to the Company's UK users, this information comes under the UK Data Protection Act 1998 (DPA).
Personal and sensitive personal data can only be held and used with the express permission from the person by whom it relates. The DPA was breached through:
- The hackers obtaining and publishing the customers' personal and sensitive personal data; and
- Avid Life Media's actions. It failed to keep customers' data safe and secure, held personal and sensitive personal data about their customers when the individuals had not only requested, but paid consideration, for its removal.