Any data breach is a big deal, regardless of the company that’s targeted. The most recent example of a reputation-damaging data leak is the July 2015 breach of Ashley Madison’s user database. After that breach, a huge amount of data was released into the wild web where your average Internet users could access it. This approach is fairly unusual for data leak situations.
In most data breach situations we’ve seen recently, personally identifiable information or banking information was stolen and sold or traded on the black market for financial gain, often resulting in stolen identities and compromised bank accounts. In this situation, however, the information was publicly leaked and the main fallout will be reputational harm.
A personal brand and online reputation is more influential than most people think. You don’t have to be famous for bad Google results to affect people’s opinions of you. In extreme situations, a bad online reputation can dramatically affect your life in the “real world.” With the increasing prevalence of data leaks, it’s important to know how to react if your information is stolen and disseminated and how you can protect your online reputation.
In situations like the Ashley Madison leak, the nature of the data is of particular interest to the general public, making it a goldmine for opportunistic web developers. Shortly after the leak, a number of websites cropped up that allow anyone to check an email for an Ashley Madison account, including spouses, family members, friends and business associates.
High profile individuals are facing a tougher time because the search results for their names are now littered with Ashley Madison references and the resulting media coverage. Numerous articles about the website, the breach and its notable users (even down to the number of accounts using a government email address) have appeared online. Some individuals will even go so far as to create websites that highlight the hacked data and try to earn money off of the victims, much like “mug shot websites” that demand money in exchange for removing a person’s photograph from the site.
Even if you’re not a high profile person, when your information is leaked it is bound to be found by someone. Many people can’t resist looking and if they find your information, they’ll likely talk about it or even post their findings on social media, furthering the reputational harm. Many articles about the breach and its publicly-available nature note the sites that offer a way to search the leaked database, essentially telling anyone who reads the article how to go check the leaked information themselves.
Cease and desist letters may result in a few site takedowns, but distribution of data on the internet happens so quickly and abundantly that it’s nearly impossible to keep up. When this happens, you can’t turn a blind eye. You need to take the right steps to protect your name, especially if you rely on your personal brand.
A large number of news outlets and journalists have followed and reported on this particular data breach, even more so than some data breaches in the past. This is, of course, due to the salacious nature of Ashley Madison, putting victims’ reputations at a higher risk. When researching whether or not your data has been released, it’s important to keep a couple points in mind.
Companies maintain their own databases, meaning that while there may be best practices around security and data retention, you’re really at the mercy of each business you create an account with when it comes to protecting your data. Even if you deleted an account before a site gets hacked, unless the company is meticulous about wiping all information you can still be at risk.
In the Ashley Madison case, some reports suggest that traces of deleted accounts still existed, even for accounts going back as far as 2002. An old, forgotten and “deleted” account could potentially still cause trouble and hurt your reputation if a data breach occurs.
This threat holds true for every website that requires an email address to create an account, but doesn’t require email verification.
This is exactly the case with Ashley Madison, resulting in accounts created with email addresses that do not belong to the creator. Your email address could have been used to create an account without your knowledge, but that won’t stop your name from appearing on the leaked data lists that are now easily searchable online. A rumor doesn’t have to be true to hurt your reputation.
Whether your real data was leaked or your email was used fraudulently, the fear of “what will people think?” has led to countless requests for help from people who found their email address on the Ashley Madison list. Attempts to delete leaked data are fruitless, but you can realistically repair and manage your reputation. It’s important to be proactive about your online reputation if your email address is part of a reputation-damaging leak.
At this point, it’s impossible to take back what has already been released. The data exists in the public domain, meaning many people have already downloaded and redistributed it. Hacking Ashley Madison, or any site that posted the leaked information, with the intention of deleting the data won’t work—it has been duplicated and nothing can be done now to delete it for good.
Unfortunately, that hasn’t stopped fraudsters from preying on desperate victims with promises that they can make the information disappear. If you see an offer for Ashley Madison data deletion, don’t believe it. If a leak like this happens again, don’t trust those offers either.
Because leaked data is usually of a sensitive nature, blackmailers are bound to come out of the woodwork. It is alarming to receive an email threatening exposure if money isn’t sent, but the data that they have is nothing that isn’t already available. Don’t give into the blackmail attempts, and report it to the authorities.
If you believe your email account was used without your knowledge, amp up the security on all other accounts: social media, online bank accounts and any other personal accounts—it is better to be safe than sorry. Its best practice in data breach situations to change all your passwords (yes, on every site that requires a log in) and opt for any extra verification and security measures individual sites offer. Make sure you create a completely new, hard to guess password, don’t simply change one digit.
Reclaiming your online reputation after the Ashley Madison hack, or any similar sensitive data leaks that may take place in the future, can be difficult, but it’s not impossible. Because this data breach relies heavily on searches, monitoring your online presence is a necessity. Use available tools, including Fruition’s Online Reputation Management Tool or Google Alerts, to track your name—and reach out to a reputation management specialist if you see something you don’t like. While these professionals can’t make unwanted search results disappear entirely, they can take steps to push them off the first page and replace the unsavory results with positive information that’s good for your personal brand.
Jeff Williams is an SEO Project Manager at Fruition based in Denver, Colorado. Jeff uses his deep understanding of SEO and internet marketing to guide clients, optimize websites and ultimately improve search rankings.
President & Founder, Tru Family Dental
Marketing, Dependable Cleaners
President, Frame Destination
President & Founder, Family Travel Association