Ashley Madison's image on their webpage. A woman with her finger on her mouth as a 'shhh', clearly displaying that she's wearing a wedding ring.
The image from the main Ashley Madison website

Navigating Records Retention Issues: The Ashley Madison Breach

In the latest Netflix documentary, we see the ins and outs of the Ashley Madison company. In July 2015, the world witnessed one of the most controversial and high-profile data breaches in recent history. Ashley Madison is a dating website aimed at facilitating extramarital affairs. The company saw its user data leaked by a group calling itself “The Impact Team.” The breach exposed 33 millions of users’ private information. However, it also also raised significant questions about records retention and data management practices.

The Breach: An Overview of Ashley Madison’s situation

The Ashley Madison breach resulted in the leak of membership data. A third party likely stored the credit card data elsewhere, which I guess was their only saving grace. ‘The Impact Team” motive was to expose the site’s purported hypocrisy and questionable practices, including charging users a fee to delete their accounts while still retaining significant data.

I think it’s important to remember that whilst we see data breaches happening all of the time (or so it feels like it) that these have real world consequences. In the documentary, we see that a pastor took his own life after the church terminated his role for being an Ashley Madison user revealed in the breach.

Records Retention: A Double-Edged Sword

As we know, records retention involves maintaining records for specified periods to comply with legal, regulatory, and business requirements. While businesses need to retain records for operations, compliance, and security, mismanagement can pose risks. Unsurprisingly, the breach revealed these matters were not properly managed. Ashley Madison lives on today so, while it wasn’t the end of the world for them, it was for many marriages across the world.

Types of Ashley Madison Data that were leaked initially:

The data dump included the usernames, first names, last names, street addresses, and additional personal details of approximately 33 million users. It also contains partial credit card information, records of 9.6 million transactions, and 36 million email addresses dating back seven years. Over 15,000 email addresses created with US .mil or .gov domains are among these accounts.

The data dump also included physical descriptions created by users, such as eye colour, weight, height, hair colour, body type, and ethnicity. Other personal details include relationship status, preferences, alcohol and smoking habits, security questions, and dates of birth. The database’s ‘gender’ field revealed that 80% of Ashley Madison’s users were at the time male (28 million), 14% were female (5 million), and 5% (2 million) did not specify their gender. Various sources detail different numbers, raising questions about how many bots were on the site to cope with the mass amount of males.

The first leak was the hardest but then there came a second one

Besides user data, the second leak featured internal documents from Ashley Madison, such as employee credentials, charts, contracts, and sales documents. It also included emails of the CEO who had repeatedly denied having an affair but the emails showed differently.

The leak hashed the passwords using a secure algorithm. Although decrypting the entire database of passwords is challenging and costly, Ashley Madison users were advised to change their passwords and update any accounts where they used the same password.

Key Issues Highlighted by the Ashley Madison Breach:

  1. Inadequate Data Deletion Practices:
    • Paid Account Deletion: Ashley Madison offered a “full delete” service for a fee, promising to remove users’ information from their database. However, the breach revealed that deleted accounts were not entirely erased. This discrepancy exposed the company to legal scrutiny.
    • Residual Data: Even after account deletion, residual data remained. Thereby indicating a lack of proper data sanitisation methods. These are crucial to ensure that all traces of user data are irreversibly removed from the system.
  2. Over-Retention of Data:
    • Long-Term Storage: Ashley Madison retained user data far longer than necessary. Over-retention of data increases the risk of exposure in the event of a breach and contradicts the principle of data minimisation.
    • Sensitive Personal Data: The retention of such information such as sexual orientation without clear retention policies amplified the fallout from the breach. Such data should be subject to stringent retention limits and robust protection measures.
  3. Lack of Robust Security Measures
    • Encryption and Security Controls: Effective records retention must be complemented by robust security measures. The breach highlighted deficiencies in encryption and other security practices, making data easily accessible once the breach occurred.
    • Regular Audits: Data retention policies and security control audits are essential. They help identify and rectify vulnerabilities and ensure compliance requirements.
  4. Regulatory Compliance:
    • Privacy Laws: Post-breach, Ashley Madison faced scrutiny regarding its compliance with privacy laws. Whilst the breach happened before GDPR was implemented, we still had the Data Protection Act 1998. This breach should have been the defining moment to emphasise the importance of data protection and records management.
    • Transparency and Accountability: Organisations must be transparent about their data retention policies and accountable for their data handling practices. The incident serves as a warning about the consequences of inadequate transparency.

Best Practices for Records Retention

To prevent incidents like the Ashley Madison breach, organisations should adopt the following best practices for records retention:

  1. Establish Clear Policies
    • Define clear retention and disposal policies that comply with legal regulatory requirements
    • Ensure these policies cover all types of records, documents, data and information especially those with personal data.
  2. Implement Strong Data Disposal Processes
    • There are multi-faceted approaches that you need to consider when deleting data. Is the data is duplicated? Is there data on backups? Do you need to delete it from multiple areas? Do you need to wipe hard drives to ensure it’s gone? To what degree do you need to make sure records are gone? In 2024, if you don’t have a digital footprint, then you’re a rarity.
  3. Adopt a privacy-by-design approach
    • Don’t collect data if you don’t need it. You should work out that if you don’t need someone’s personal data then you shouldn’t collect it.
  4. Adopt a Data Minimisation Approach
    • If you need to collect the data, only keep the data for as long as you need it. Don’t hang on to data you don’t have a processing condition for
    • If you offer a paid-for service to delete people’s accounts/data, then actually follow through with the whole complete process.
  5. Enhance Security Measures
    • Encrypt sensitive data at rest and in transit
    • Implement multi-layered security controls to protect data from unauthorised access.
  6. Regular audits and training
    • Conduct regular audits of data retention and security practices to identify and mitigate risks.
    • Train employees on data protection policies and the importance of compliance with data retention standards.
  7. Implement Data Sanitisation
    • Use advanced data sanitisation techniques to ensure that deleted data cannot be recovered.
    • Regularly test and audit these processes to ensure their effectiveness.

Dollar Signs

U.S. investigators initially wanted Ruby to pay $17.5 million in the settlement. It ended up being $1.6 Million as the remaining amount was suspended based on the company’s inability to pay.

The most shocking aspect of this breach is that Ashley Madison continues to survive today. The company now boasts 80 million users, although they now have much more significantly stronger security now.


The Ashley Madison breach serves as a stark reminder of the importance of robust records retention and data management practices. By addressing the issues of inadequate data deletion, over-retention, and poor security measures, organisations can better protect themselves and their users. The devastating consequences of data breaches are extremely far-reaching. Ensuring compliance with privacy laws and adopting best practices in data retention not only safeguards sensitive information, but also builds trust with users and stakeholders.


This isn’t the first blog where I’ve talked about something with an intimate related topic. If you recall back to 2014/2016 when I published my Metadata of Porn (NSFW) blog post. I was reminded of this blog post when I was at the IRMS Conference recently. The blog post should be read with the humour that it was intended but I’d suggest you don’t read it on a work device due to the nature/sensitive topic.

If you struggle with records retention, then you can always contact Records Management Girl to get help with retention schedules for as little as £500.

Crime Files: Ashley Madison – Life is short. Don’t have a Breach