[BreachExchange] Ashley Madison attorney-client communications leaked in data breach

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 21 20:32:28 EDT 2016


http://www.jdsupra.com/legalnews/ashley-madison-attorney-client-42832/

We all remember the Ashley Madison data breach. The hackers, calling
themselves “The Impact Team” requested that the Ashley Madison extramarital
affair site, and Cougar Life and Established Men sites be “taken down.”
When they weren’t, they posted details (9.7 gigabites worth) to the dark
web of approximately 37 million users.

Of course, lawsuits were filed (we are not counting, but reportedly
“hundreds”) by anonymous plaintiffs. The judge ruled that the named
plaintiffs had to identify themselves if they wanted to represent the class.

In a recent twist, the plaintiffs’ lawyers have informed the court that
e-mails between the owner of Ashley Madison and its lawyers were part of
the information that was posted online and subsequently viewed by members
of the media. Following media reports that there are emails between the
company and their lawyers that mention “methods of hiding the fake female
profiles from Ashley Madison members,” the plaintiffs’ attorneys have
petitioned the court to use those emails to help prove that Ashley Madison
defrauded its members.

Usually, emails between an attorney and client are protected by the
attorney-client privilege. In this case, since the emails were leaked and
posted online, they were available to the public. The plaintiffs are trying
to use the crime-fraud exception to the attorney-client privilege to allow
use of the documents in the litigation. Ashley Madison says “stolen
documents do not lose their privileged status because they are published
without the consent of the privilege holder.”

We will be watching this issue closely as it appears to be a case of first
impression of whether a litigant can use hacked documents to support claims
against the hacked company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160421/aa6ccbca/attachment.html>


More information about the BreachExchange mailing list