Media discourses surrounding ‘non-ideal’ victims: The case of the Ashley Madison data breach
| Author | Megan Parker,Daniel Sansom,Cassandra Cross |
| Date | 01 January 2019 |
| Published date | 01 January 2019 |
| DOI | 10.1177/0269758017752410 |
| Subject Matter | Articles |
Article
Media discourses
surrounding ‘non-ideal’
victims: The case of the
Ashley Madison data breach
Cassandra Cross
Queensland University of Technology, Australia
Megan Parker
Queensland University of Technology, Australia
Daniel Sansom
Queensland University of Technology, Australia
Abstract
Data breaches are an increasingly common event across businesses globally. Many companies
have been subject to large-scale breaches. Consequently, the exposure of 37 million customers
of the Ashley Madison website is not an extraordinary event in and of itself. However, Ashley
Madison is an online dating website predominantly known for facilitating extramarital affairs.
Therefore, the nature of this website (and business) is very different from those that have
previously been breached. This article examines one of the media discourses surrounding the
victims of the Ashley Madison data breach. It particular, it illustrates examples of victim blaming
evident in the print media towards individuals (or customers) who had their personal details
exposed. Importantly, it highlights the emerging tension within this particular case, of the strong
victim blaming narrative contrasted against those who attempted to challenge this discourse and
refocus attention on the actual offenders, and the criminality of the act. The article concludes
that victims of this data breach were exposed to victim blaming, based on the perceived
immorality of the website they were connected to and their actions in subscribing, rather than
focusing on the data breach itself, and the blatant criminality of the offenders who exposed the
sensitive information.
Corresponding author:
Cassandra Cross, School of Justice, Faculty of Law, Queensland University of Technology, GPO Box 2434, Brisbane,
Queensland 4001, Australia.
Email: ca.cross@qut.edu.au
International Review of Victimology
2019, Vol. 25(1) 53–69
ªThe Author(s) 2018
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/0269758017752410
journals.sagepub.com/home/irv
Keywords
Data breach, victim blaming, hacking, security, victims
Introduction
In July 2015, a team of hackers calling themselves ‘The Impact Team’ broke into the customer
database of the ‘Ashley Madison’ website. They stole internal company documents of Avid Life
Media (ALM), company emails and, more importantly, the personal details of over 37 million cus-
tomers who were at one point subscribed to the website. The incident was first reported on 19 July
2015, through making available a 40GB file of these documents and customer credit card details on
the internet (Krebs, 2015a). While data breaches such as this are by no means a unique event (for
example, there have been prominent business breaches of Sony, Target, Home Depot, JP Morgan
and Anthem as well as government departments in the United States of America, Turkey and the
Philippines (McCandless, 2016)), this data breach was a significant event based on the character of
the website and the sensitive nature of the data released. Ashley Madison is a well-known website
which facilitates extramarital affairs, and had the tagline of ‘Life is short. Have an affair’ (it has
since rebranded to ‘Find your moment’). The alleged motive behind the data breach concerned the
infidelity promoted and enabled by the website and the perceived immorality of subscribers. The
Impact Team released a statement with the initial data dump, threatening to expose further,
more personal andsensitive details of Ashley Madison customers,unless the website was shut down
(Impact Team in Krebs,2015a). Management at ALM refused,and on 18 August 2015 a second data
file was posted on the darkweb, containing 9.7 GB of personal details of AshleyMadison customers
(Bisson, 2015).This was soon made available on the open internetand searchable by any individual.
While the data breach in and of itself was not unique, the nature of the data exposed was
significantly more sensitive. Rather than just credit card details and demographic information of
victims (such as name and address), the Impact Team released information specific to a dating
website, which included data on the customer’s sexuality, sexual preferences, sexual fantasies and
compromising photographs. The severe personal impact of this data breach on individual victims
became apparent in the weeks following the incident, whereby media reports linked this event to
the suicide of a small number of victims exposed in the breach as well as an increasing number of
blackmail and extortion attempts targeted at individuals within the files (BBC, 2015; Netsafe NZ,
2015). The nature of these threats was focused on the exposure of individuals to their family,
friends, work colleagues and others.
The reporting of the Ashley Madison data breach provides an interesting case study on how
these incidents are reported in the mainstream print news media. In contrast to the many previous
companies and victims affected by a data breach, the focus of this incident was very different.
Given that Ashley Madison is known for its adulterous nature, the focus of this incident appeared to
rest squarely on the victims themselves. This was not for the reason that they had experienced a
large breach of privacy and security of their personal details, rather the focus was fixed on the
adulterous nature of the website and being labelled a ‘cheat’ and morally corrupt. However, it is
important to note that having an email address associated with the website was not necessarily an
indication that a person had actually subscribed. Ashley Madison did not attempt to verify the
email addresses of any account holders, and therefore a person could subscribe with any given
email address. The inability to confirm whether those who were exposed had genuinely subscribed
to the website was largely ignored in the media coverage surrounding this incident. As will be
54 International Review of Victimology 25(1)
To continue reading
Request your trial