At least four lawsuits filed in the United States seek class-action status over the Ashley Madison data leak, which potentially outed tens of millions of the extramarital affair website's account holders.
Two lawsuits were filed in California, plus another in Missouri and one in Texas, NBC News reports. All of the lawsuits name the plaintiffs as either John Doe or Jane Doe to preserve anonymity, and none make specific requests for damages. However, all four of the lawsuits say $5 million could constitute reasonable penalties.
Class-action lawsuits allow a plaintiff or several plaintiffs to sue on behalf of a larger group whose members share common complaints.
The California lawsuit, filed in Los Angeles, claims its plaintiff suffered emotional distress over the "extremely personal and embarrassing information" that was made available to the public, the Guardian reports. The lawsuit also accused Ashley Madison of negligence and said its Toronto-based parent company, Avid Life Media LLC, didn't take appropriate measures to prevent hackers from accessing clients' sensitive private details, including their credit card information, addresses and phone numbers.
In Texas, lawyers behind the Ashley Madison lawsuit said the company "should have known about the vulnerabilities in [its] computer systems" through which hackers may have accessed client data, NBC News reports. The lawsuit alleges that Ashley Madison had been made aware of those vulnerabilities.
The plaintiff in the Missouri lawsuit said she paid $19 to have her Ashley Madison account scrubbed; however, her personal information reportedly appeared online in the data leak.
Another class-action lawsuit, filed in Canada last week, sought $760 million in damages.
Avid Life Media's chief executive officer Noel Biderman said the company thought it may have been an insider attack. "We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman told security specialist Brian Krebs in an interview. "It was definitely a person here that was not an employee but certainly had touched our technical services."