Data protection update: the Ashley Madison "moral" cyber-attack

Data hacks are not always just about money. The revelation a few hours ago of the exposure of personal details of users of online cheating website Ashley Madison (strapline: "Life is short. Have an affair") has shown that cyber-attackers are just as likely to go after companies whose moral stance is at odds with their own, as they are to target cash.

Whether the motivation is to cause minor embarrassment or to inflict fatal commercial damage, this type of  security risk is one which companies need to have firmly on their radar. In this case, even details of past users of the site who had paid extra to have their details removed from the website have been exposed, revealing the highly under-appreciated fact that, once given, data is virtually impossible to delete. Commentary posted by the public in response to this data breach articles indicates polarised views as to the rights of hackers to pass moral judgement in this way, but such incidents do serve to reinforce the message that handing personal data over to any third party generates the risk that such data may be compromised. In the UK, the Courts are currently looking at the notion of distress caused to consumers as a result of inadequately protected data; the domestic conversations which will be taking place imminently as a result of this incident must surely include an element of that.