Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Doe v. Avid Life Media, Inc.

United States District Court, C.D. California, Western Division

August 21, 2015

JOHN DOE (a pseudonym), individually and on behalf of all others similarly situated, Plaintiffs,
v.
AVID LIFE MEDIA, INC., an Ontario corporation, and AVID DATING LIFE, INC, an Ontario corporation dba ASHLEY MADISON Defendants.

         CLASS ACTION COMPLAINT

          JULIAN HAMMOND, POLINA PECHERSKAYA API CHERNIAK HAMMONDLAW, PC. Attorneys for Plaintiffs and Putative Class.

          DEMAND FOR JURY TRIAL

         Plaintiff JOHN DOE ("Plaintiff) brings this class action against Defendants AVID LIFE MEDIA, INC. and AVID DATING LIFE, INC., d/b/a Ashley Madison ("Defendants") on behalf of himself and all others similarly situated. Except as to his own actions, Plaintiff avers the following allegations upon information and belief of the investigation of his counsel and the facts that are a matter of public record:

         INTRODUCTION

         Defendants operate a dating site under the ASHLEY MADISON trademark as AshleyMadison.com. The Ashley Madison website, in operation since 2002, is designed to facilitate discreet intimate adult relationships for individuals who are either married or are in committed relationships. Ashley Madison targets individuals who reside in the United States as well as outside the United States. The website boasts a current membership of approximately 37 million users and is rated the twentieth most popular adult website in the United States.[1] The website has proven extraordinarily lucrative, yielding Defendants $115.5 million in revenue in 2014 alone.[2]

         The website stores personal and financial information of its users, such as users' login details, mailing addresses, email addresses, phone numbers, payment transaction details, credit card data, and passwords. Importantly, highly sensitive user profile data such as photographs and sexual fantasies is also stored in the website.

         In what can only be described as a nightmare for the users of Ashley Madison.com, on or about July 20, 2015, the hacking collective Impact Team accessed and downloaded the personal and financial data of approximately all 37 million Ashley Madison.com customers. Following this theft of information, the hackers threatened that if Defendants did not shut down the website, they would release all customer information on the Internet in a "data dump." On or about August 18, 2015, the Impact Team made good on its promise, dumping 9.7 gigabytes worth of stolen and highly-sensitive personal and financial data - including user identity information and their sexual fantasies and preferences - belonging to the website's some 37 million users. Reportedly, among the "dumped" data was data of individuals who paid a fee of $19 to have AshleyMadison.com scrub their profiles from the site, but whose profiles had apparently not been scrubbed.[3] Needless to say, this dumping of sensitive personal and financial information is bound to have catastrophic effects on the lives of the website's users.

         JURISDICTION & VENUE

         1. This Court has subject-matter jurisdiction pursuant to the Class Action Fairness Act, 28 U.S.C. § 1332(d)(2). In the aggregate, Plaintiffs claims and the claims of the other members of the Class exceed $5, 000, 000 exclusive of interest and costs, and the class members are citizens of a state other than Defendants' state or country of citizenship, which is Ontario, Canada. This Court may also exercise supplemental jurisdiction over the state law claims pled below.

         2. This Court has personal jurisdiction over Defendants because Defendants:

a. intentionally avail themselves of this jurisdiction by marketing its website to millions of consumers nationwide, including residents throughout California and this District; and
b. have directed tortious acts toward individuals residing within this District, and have committed tortious acts that they know or should have known would cause injury to Plaintiff and Class Members in this District.

         3. Venue lies within this District under 28 U.S.C. § 1391(b)-(c) because: (a) Defendants regularly transact business within this District; (b) certain acts giving rise to the claims asserted in this Complaint occurred in this District; and (c) the actions of Defendants alleged in this Complaint caused damages to Plaintiff and a substantial number of Class Members within this District.

         PARTIES

         4. Plaintiff is a male who resides in Los Angeles, California. Plaintiff created an account with Ashley Madison in March 2012.

         5. Defendant Avid Life Media, Inc. is a corporation organized and existing under the laws of Ontario, Canada, with its principal place of business and headquarters in Toronto, Canada. The corporation owns various companies that are in business of operating online dating websites.

         6. Defendant Avid Dating Life, Inc. d/b/a Ashley Madison is a corporation organized and existing under the laws of Ontario, Canada, with its principal place of business in Toronto, Canada, and is regularly engaged in the business of operating online dating websites, including Ashley Madi son. com.

         FACTS COMMON TO ALL COUNTS

         A. Defendants and their Business

         7. AshleyMadision.com is a dating website marketed to people who are married or are in committed relationships seeking to engage in adulterous behavior. AshleyMadison.com is owned by Avid Life Media, a privately-held Canadian corporation founded by its CEO Noel Biderman, which owns various companies that are in business of operating online dating websites, including CougarLife.com and EstablishedMen.com.

         8. Defendants market AshleyMadision.com to consumers in the United States as well as outside the United States. The website has more than 37 million users in 46 countries. It is rated the twentieth most popular adult website in the United States. Defendants market the website through television, radio, billboard, and internet advertisements, many of which include its founder and CEO Noel Biderman as the website's spokesperson.

         9. The website's business model is based on credits, which users purchase, as opposed to paid subscriptions. In order to initiate a conversation with another user, one must "pay" five credits. Users buy credits from the website and enter their credit or debit card information in order to pay for the credits.

         10. The website also offers to "scrub" - or delete - user profiles along with all personal information from the website for a $19 charge.

         B. AshleyMadison.com Stores Personal Information of Its Users in an Unencrypted Format at the Database Level

         11. In order to create an account on AshleyMadision.com, users are required to select a username and password, personalize a "greeting, " indicate their location (by country), zip code, date of birth, type of affair sought - the options provided are short term, long term, cyber affair/erotic chat, or other - height, weight, body type, ethnicity and email.

         12. Below the box where users are asked to enter their "email, " the website promises: "This email will never be shown or shared." 13. The website also asks each user to upload a "discrete photo" and offers options of either placing a mask over the user's eyes on the photo or blurring the photo.

         14. In the "Manage Profile" section, users may enter information relating to "My Intimate Desires" "My Perfect Match" and "My Personal Interests, " among other information.

         15. Upon information and belief, Defendants store the users' personal information they collect in an unencrypted format at the database level.[4] Despite these security threats that may have even been internally discovered by Defendants' internal officers or directors, Defendants published on the internet a statement calling itself "the last truly secure space on the Internet."[5]

         C. Plaintiffs Creation of a AshleyMadison.com Account and Security Breach

         16. On or about March 2012, Plaintiff created an account with AshleyMadison.com. As part of the process of creating his account, Plaintiff created a username and password and entered his personal information into the website's system, including photographs. Plaintiff subsequently purchased credits and communicated with other members on the website.

         17. As a result of Defendants' failure to maintain adequate and reasonable security measures to secure the data of the website's users from being compromised, on or about July 20, 2015, Impact Team, a group of hackers, downloaded highly-sensitive personal, financial, and identifying information of the website's some 37 million users.

         18. On information and belief, among the data compromised and downloaded were profiles of individuals who executed the option to scrub their user profiles and all associated data and paid $19 to Defendants to do so, yet Defendants failed to actually scrub the data.

         19. Following the breach and downloading of users' personal and financial information, Impact Team threatened that if Avid Life Media did not shut down the website permanently, they would leak the information on the Internet. Avid Life Media refused to shut down the website, and on or about August 18, 2015, Impact Team, in keeping with its threat, published some 9.7 gigabytes of stolen personal information of the website users on the Internet.

         20. This massive data breach could have been prevented had Defendants taken the necessary and reasonable precautions to protect its users' information by, for example, encrypting the data entrusted to it by its users on a database level so that any information hacked and downloaded appeared in the encrypted format. Defendants were aware or should have been aware of the need to secure users' information, especially in light of the recent rise of massive security breaches on the Internet and the fact that the information contained on its servers is particularly sensitive.

         21. Defendant failed to notify Plaintiff and Class Members of the breach in a timely manner after learning of the breach and failed to take reasonable steps to inform Plaintiff and Class Members of the extent of the breach.

         22. Plaintiffs account and personal information is among the information that was compromised in the breach and made public on the Internet.

         D. The Data Breach Harmed Plaintiff and Class Members

         23. As a result of Defendants' unfair, unreasonable, and inadequate data security, its users' extremely personal and embarrassing information is now accessible to the public. In addition to the embarrassing information regarding users' sexual interests or the fact that users were seeking or had affairs, users' addresses, phone numbers, email addresses, credit card or other payment information, and/or birth dates, and photos are also now available on the World Wide Web. For many of the website's users, the publicity of this information has created and will continue to create irreparable harm.

         CLASS ACTION ALLEGATIONS

         24. Plaintiff brings this action on behalf of himself and all others similarly situated as a class action pursuant to Federal Rules of Civil Procedure Rule 23, and seeks to represent the following National Class and California Subclass (collectively, "Class")

         National Class: All individuals in the United States who created an account(s) on AshleyMadison.comand whose information was ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.