The settlement over Ashley Madison’s data breach presents a unique conundrum: How do you find class members who don’t exactly want to be found?
From the start, anonymity has plagued lawsuits over the 2015 hack that compromised the personal information of 37 million subscribers to AshleyMadison.com, an online dating site that targets people looking to have an affair. Many class action attorneys, questioning who would want to be identified as a plaintiff, bowed out of the litigation. Those who pursued cases asked a federal judge in Missouri to allow their clients to use pseudonyms, but they weren’t successful.
Heading into this month’s $11.2 million settlement, there was the potential for embarrassment on both sides. The deal contains provisions that acknowledge the problems inherent in sending out notices and distributing payouts to class members in this case: Many of them gave fake email or street addresses when setting up accounts and, truth be told, they might not want notices of the deal sent to their businesses or home addresses.
“In this particular case, direct notice to the class is impossible and has the potential to create future harm to class members,” plaintiffs’ attorneys wrote in a July 14 motion to approve the settlement.
As a result, lawyers came up with a plan to distribute notices to all online dating users — not just Ashley Madison subscribers — through People and Sports Illustrated magazines and on banner ads, rather than emails or mailboxes. They also plan to advertise the agreement “in a prominent location” on the websites of the lawyers’ firms. And the settlement will have its own website, although the URL won’t make reference to Ashley Madison or any other information identifying it “as being related in any way to the substance of this litigation or purpose of ashleymadison.com.”
Claim forms will be “strictly confidential,” according to the agreement.
On Friday, U.S. District Judge John Ross in St. Louis, Missouri, is set to hear oral arguments on whether to preliminarily approve the settlement.
Co-lead plaintiffs’ attorney W. Lewis Garrison of Heninger Garrison Davis in Birmingham, Alabama, declined to comment.
Richard Cassetta, a partner at Bryan Cave in St. Louis, and Robert Atkins, a partner at New York’s Paul, Weiss, Rifkind, Wharton & Garrison, who represent Ruby Corp., the rebranded name of Ashley Madison’s parent company, Avid Life Media Inc., did not respond to requests for comment, and Paul Keable, a spokesman for the company, declined to comment “as this matter is still before the courts.”
In the settlement agreement, Ruby cited a need to “avoid further expense, inconvenience and burden” by agreeing to a settlement “without admitting liability for any of the alleged acts or omissions in the complaint.”
Ian Dumain of Boies Schiller Flexner in Armonk, New York, who represents former CEO Noel Biderman, named as a defendant in the litigation, declined to comment.
To be sure, anonymity wasn’t the only issue plaguing the Ashley Madison lawsuits. Lawyers for Ashley Madison were set to argue why the lawsuits should be tossed under the arbitration clausesusers signed when they set up accounts.
Ashley Madison’s lawyers also were expected to challenge the standing of the lead plaintiffs by arguing that the hack didn’t cause “concrete injuries” as defined in the U.S. Supreme Court’s 2016 ruling in Spokeo v. Robins.
Plaintiffs’ lawyers got a boost in December when Ashley Madison’s parent company reached a settlement with the Federal Trade Commission and 13 state attorneys general, including New York, over the breach. But the Toronto-based company only had to pay $1.6 million of the $17.5 million agreement due to financial problems that also plagued the class action settlement, according to court records.
All those challenges meant “this was far from an easy case,” plaintiffs’ lawyers wrote in their motion. “While plaintiffs have what they believe to be strong arguments to the contrary, success is far from certain.”
Under the deal, class members could receive up to $500 each for the $19 they paid to delete their personal information from the site (which Ashley Madison didn’t delete) or the credits they paid to access users who turned out to be fake female profiles the company set up to lure more men to the site. Class members also could get up to $2,000 each for any additional unreimbursed costs incurred in having their identities stolen.
But not all the $11.2 million will go to class members. The eight plaintiffs’ law firms, including Pittsburgh’s Carlson Lynch Sweet Kilpela & Carpenter, haven’t officially asked for their fees but indicated in court papers that they plan to seek no more than 30 percent of the $11.2 million, or about $3.7 million. And there are provisions for what happens if not all class members make claims. Whatever unclaimed funds remain will go to a “charitable digital privacy or similar organization.”
Contact Amanda Bronstad at email@example.com. On Twitter: @abronstadlaw.