Unforeseen Consequences of Hacking: When Someone Wants To Use Your Cybercrime Misfortune Against You In A Litigation

Michelle Gitlitz Courtney and D. Morgan Barry

Companies that are hacked face a range of repercussions, such as notifying clients and customers that the privacy of their information has been compromised and implementing a new security system. In July 2015, it was highly publicized that the extramarital affair dating website Ashley Madison was hacked and the names of thousands of cheating men and women were disclosed to the public. While hacks often lead to the filing of class action complaints concerning inadequate cybersecurity measures, here, the plaintiffs’ counsel took an unprecedented position: they sought to use the content of press articles that cited to the leaked documents (including privileged documents) in the multidistrict class action lawsuit.[1]

The class action plaintiffs in the Ashley Madison litigation attempted to use the hacked documents to support their claims that Avid Dating Life (“Avid Dating”), the owner of the extramarital affair website, failed to properly secure users’ confidential information and committed fraud by maintaining fake female profiles on the website AshleyMadison.com.

Upon notice of Plaintiffs’ intention to use the documents, Avid Dating sought a restraining order to prevent Plaintiffs’ use of the documents that were disclosed as a result of the hack. Avid Dating asserted that the use of stolen documents in a litigation is against federal case law, state case law, the Rules of Professional Conduct, and ethics opinions. Supporting Avid Dating were the Amici Does, former users of the adultery website.

In response, Plaintiffs argued that they should be able to use news and media articles discussing the hacked documents (including privileged documents) in their class action complaint because Plaintiffs had no involvement in the hack, the documents were widely disseminated on the internet and in the media, Plaintiffs did not intend to use the stolen documents themselves, but instead use media reports that referenced the stolen documents, and the documents demonstrated Avid Dating’s own wrongful acts.

In a thoughtful, ten-page decision on April 29, 2016, Judge Ross of the Eastern District of Missouri ruled that Plaintiffs were not permitted to use the stolen documents or media reports referencing the documents.[2] Judge Ross did not consider Plaintiff’s innocence in the hack or the fact that the documents were already referenced in news publications to be influential in his decision. Because the documents were stolen and use of stolen documents compromises judicial integrity, Plaintiffs were not permitted to use the documents—end of story.

Judge Ross acknowledged the ethical dilemma in protecting from disclosure privileged hacked documents that showed wrongdoing on the part of Avid Dating: “[h]owever distasteful it may be that some of the e-mail communications between Avid and its counsel may show wrongful or inappropriate conduct, the Court cannot and will not allow Plaintiffs to take advantage of the work of hackers to access documents outside the context of formal discovery.”[3]

[1] In re Ashley Madison Customer Data Sec. Breach Litig., No. 4:15-md-02669 (E.D. Mo. Dec. 9, 2015).

[2] Id. pg. 8.

[3] Id.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s