The Ashley Madison hack could cost parent company Avid Life Media £1.2 billion in the UK alone, according to international law firm Pinsent Masons.
Ashley Madison is a website with close to 40 million users that facilitates adultery and has the tagline "Life is short. Have an affair".
Luke Scanlon, technology lawyer at Pinsent Masons, said: “The interesting thing about this incident is that recent court decisions in the UK have been leaning towards the view that a claim can be brought when no financial loss occurs but where a person experiences distress as a result of an data breach.
"In the case of Ashley Madison, which is reported has 1.2 million subscribers in the UK alone, if each were to try to claim for £1,000 in compensation Ashley Madison could see itself incurring costs of up to £1.2 billion. Even if claims for distress in this case are modest, the sheer volume of data breached and individuals affected in this attack could have a critical impact on the company. This event reinforces the need for businesses to not just think about what is mandatory by law in information security, but what is best practice.”
Techworld asked Pinsent Masons where it got the £1,000 figure from.
The company replied saying it is an approximation, adding that Scanlon believes it is a relatively 'modest' claim and a 'reasonable' estimate.
It would be dependent on the extent to which the individual could claim they have suffered ‘distress’, said Scanlon.
More than 100 official UK government email addresses have been found in the the Ashley Madison files that were published on the dark web yesterday.
Among the email addresses are 92 Ministry of Defence email addresses, according to the website Political Scrapbook.
Scottish MP Michelle Thomson also appears on the list of Ashley Madison members, as does former prime minister Tony Blair. However, there's one big caveat. Ashley Madison doesn't verify email addresses when registering accounts, which means that many of the names on the list could be from people playing practical jokes.
Thomson said: “Along with potentially millions of others, an out-of-use email address seems to have been harvested by hackers. I am not aware of or in contact with either Avid Life or Ashley Madison and look forward to finding out more about what has actually happened.
"However, having a personal email address linked to an account doesn’t mean that person is really a user of Ashley Madison. Users are able to sign up to the site without responding to an email verification, meaning anyone’s email address could have been used to create an account."
Political Scrapbook also trawled the data to find 1,716 email addresses from universities and further education colleges, using the .ac.uk suffix; 124 using .gov.uk; 92 using .mod.uk; 65 local education authorities and schools using .sch.uk; 56 National Heath Service emails and less than 50 police emails (.police.uk).
The data dump contains the usernames, first names, last names, street addresses and more of some 33 million users. Partial credit card details have also been published, along with records documenting 9.6 million transactions and 36 million email addresses. Among the email addresses were more than 15,000 accounts created with US .mil or .gov email addresses.
The hackers published the information after Avid Life Media failed to take down Ashley Madison.
The Hacking Team said attacked Ashley Madison because it was unhappy with the platform’s "Full Delete" feature, claiming that it doesn’t remove all information about the user.
Pressure is now mounting on Ashley Madison and the company may not survivie the attack, which has the potential to be one of the most complicated and most legally troublesome data dumps in history.