The owner of AshleyMadison.com will pay a fraction of a $17.5 million settlement reached Wednesday over the hack of the cheating website in July 2015 that led to the release of millions of members' personal information.
Ruby, which owns Ashley Madison in addition to CougarLife and Established Men, will be required to make an immediate payment of just over $1.6 million divided among 13 states included in the suit and the Federal Trade Commission. But "the remainder of the $17.5 million payment is suspended based on ruby Corp.’s inability to pay," the New York Attorney General's office said in a statement.
The office told BuzzFeed News settlement figures are not determined by a company's ability to pay but on the violations they committed. “This settlement should send a clear message to all companies doing business online that reckless disregard for data security will not be tolerated,” said Attorney General Eric Schneiderman in a release.
The discussion of Ruby's ability to pay the $17.5 million settlement is not public, and the company's recent financials were not immediately available. In 2014 — before the site was hit by security concerns — the owner of Ashley Madison made $115 million in revenue. If the office discovers the company misrepresented their finances, Ruby would be required to pay the remainder of the $17.5 million.
FTC Chair Edith Ramirez told reporters in a press call on Wednesday that the goal of the settlement was to make the company "feel the pain."
"We don't want them to profit from unlawful conduct," she continued. "And at the same time we are not going to seek to put a company out of business."
The FTC's portion of the settlement will go to the US treasury, and not to consumers, because the $1.6 million figure would not cover compensation for those affected, added Ramirez.
An investigation into the hack found AshleyMadison.com had weak security practices, misrepresented its security to users, and failed to delete user information after they paid to be erased from the site, said the New York Attorney General's office.
The site also created fake profiles to lure users who were using Ashley Madison’s free services into purchasing credits to communicate with other members, including “members” with other fake profiles, investigators found. Some of these fake profiles used information and photos from actual users who had been dormant for a year.
Ruby said in a statement that the settlement marks a "pivotal day" for members and the company. But it "neither admits nor denies the allegations made by the FTC and the State Attorneys-General."
"Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company,” said Ruby CEO Rob Segal, adding the company has been cooperating fully with the FTC for more than a year.
“Our team is making significant, long-term investments in our people, processes and systems to improve Ashley Madison for our members,” he said.
Ruby's president James Millership said the company has already implemented new business practices and improved its security over the last 18 months.