It is easy to make jokes about the Ashley Madison data breach.  But it’s not a laughing matter.   Certainly not for Ashley Madison, who is facing massive brand damage.  Think about it.  A site that facilitates infidelity relies on confidentiality almost as much as it relies on desperate housewives (and husbands --  apparently 70% of Ashley Madison customers were men).   So the minute the site isn’t secure its business model falls apart.  Imagine if Federal Express announced it could no longer make overnight deliveries. It’s kind of like that.    

And the brand damage is only part of it.  Count on court cases springing up all over the place.  So what’s Ashley Madison’s exposure?  Well, the most likely liability will be in the form of breach of contract and/or fraud.  The most obvious claim is that customers submitted personal data based on Ashley Madison’s promise it would be maintained on the down low.  That didn’t exactly pan out.  And it appears that data about former users is included in the hacked data.  That’s a problem for Ashley Madison because it offered a service where for a fee it would remove any trace of a customer from its site.  It’s bad enough that the business model sounds like extortion, but it’s even worse if Ashely Madison took the money without wiping out the data.  That sounds like class action material.    

And there could be even more esoteric claims.   Some states actually still recognize a tort called “alienation of affection” – it allows a jilted spouse to sue the “other” woman/man for breaking up a marriage.  It’s a stretch, but could Ashley Madison face alienation claims in those states that still recognize the tort?  Maybe less of a stretch could be wrongful death claims from survivors of suicide victims.   And what of folks who lose jobs as a result of the outing?  It’s not completely unrealistic to believe that an employee who lost a well-paying gig might seek damages.    

And even aside from having to be a defendant, Ashley Madison could get really busy responding to subpoenas.  Apparently, Ashley Madison didn’t verify e-mail addresses.  So anyone could sign someone else up with the other person’s e-mail.  No doubt millions of husbands will claim this is what happened to them.  Several may actually be telling the truth.  And those unfortunate souls may want to sue the folks who signed them up.  That would mean a slew of subpoenas issued to Ashley Madison to begin the chain leading back to the culprit.       

Perhaps the broad message here is to not set up a Web site to help people cheat.  The more narrow, but equally important lesson is to make sure your data security is as tight as can be.  To paraphrase Ashley Madison’s campaign – “Life is Short – Don’t be a Class Action Defendant.”