We all remember the Ashley Madison data breach [view related posts here and here]. The hackers, calling themselves “The Impact Team” requested that the Ashley Madison extramarital affair site, and Cougar Life and Established Men sites be “taken down.” When they weren’t, they posted details (9.7 gigabites worth) to the dark web of approximately 37 million users.
Of course, lawsuits were filed (we are not counting, but reportedly “hundreds”) by anonymous plaintiffs. The judge ruled that the named plaintiffs had to identify themselves if they wanted to represent the class.
In a recent twist, the plaintiffs’ lawyers have informed the court that e-mails between the owner of Ashley Madison and its lawyers were part of the information that was posted online and subsequently viewed by members of the media. Following media reports that there are emails between the company and their lawyers that mention “methods of hiding the fake female profiles from Ashley Madison members,” the plaintiffs’ attorneys have petitioned the court to use those emails to help prove that Ashley Madison defrauded its members.
Usually, emails between an attorney and client are protected by the attorney-client privilege. In this case, since the emails were leaked and posted online, they were available to the public. The plaintiffs are trying to use the crime-fraud exception to the attorney-client privilege to allow use of the documents in the litigation. Ashley Madison says “stolen documents do not lose their privileged status because they are published without the consent of the privilege holder.”
We will be watching this issue closely as it appears to be a case of first impression of whether a litigant can use hacked documents to support claims against the hacked company.