Ashley Madison data breach
Attackers breached Avid Life Media in 2015 and published data associated with roughly 36 million Ashley Madison accounts. The material included email addresses, profile information, and data connected to an intimate service whose users expected discretion.
The Canadian and Australian privacy commissioners found security, retention, and transparency failures. The company’s paid-delete option was especially important: some information was retained after users paid for deletion, so the breach exposed the gap between a user-facing deletion promise and the actual data lifecycle.
The case in Case for privacy and security shows that sensitivity depends on context, not merely on whether each field looks secret in isolation. It also makes deletion verifiability a security control rather than a cosmetic account feature.