The fine, though substantial, is less than one-tenth the $17.5 million the company originally agreed to pay to settle after an investigation by the Federal Trade Commission (FTC), reports Reuters. The penalty was reduced after Ashley Madison’s parent company, Ruby Corp.—known as Avid Life Media before the hack—revealed it was unable to pay the original amount.
FTC Chairwoman Edith Ramirez said the agency wanted Ruby to “feel the pain” but not go out of business.
“I recognize that it was a far lower number frankly than I would have liked,” FTC Chairwoman Edith Ramirez told reporters. “We want them to feel the pain. We don’t want them to profit from unlawful conduct. At the same time, we are not going to seek to put a company out of business.”
Investigations in 13 states and the District of Columbia found the company negligent in protecting user data, nearly 10GB of which hackers leaked onto the internet. The hack ultimately exposed tens of thousands of users, including public officials, military personnel, and celebrities, and put some users at risk of criminal prosecution and personal reprisal.