The Federal Trade Commission (“FTC”) settled with online dating website AshleyMadison.com for $1.6 million stemming from FTC and state actions brought against the company as a result of a July 2015 data breach that exposed the profile and account information of approximately 36 million users. In addition to the settlement, AshleyMadison.com must also implement a “comprehensive data security plan” and third-party assessments to be completed every two years.

 The FTC and 13 states charged the company with deceiving consumers and inadequately protecting consumer information from exposure.  Specifically, the company used artificial “fembots” to direct consumers to the profiles of fake women in an attempt to increase subscription memberships.  The FTC asserted that Ruby Corp., AshleyMadison’s parent company, wrongfully claimed that personal user information, such as birthdates and relationship statuses, was secure when in fact the company lacked any form of comprehensive data security policies.

Takeaway: Social websites, including dating websites and apps, may wish to consider avoiding the creation of fake user profiles or using technology such as “fembots” to increase paid subscriptions.  Additionally, social websites and apps should consider developing a comprehensive consumer data security policy as part of its company strategy in order to safeguard member information.