My colleague Wynter Deagle recently wrote a post on Privacy & Security Matters discussing some implications and lessons from the recent Ashley Madison hack and data dump. It's important to understand the increased risk for employers this data dump created.
This large list of e-mail addresses is likely to be irresistible to those launching “phishing attacks” – that is, delivering malicious links or attachments containing malware in seemingly innocuous e-mails. This creates additional risk for intrusion into corporate networks where an employee may have used his or her work e-mail to register with Ashley Madison or checked a personal e-mail system at work. In addition, the vast array of leaked personal information could also be used to impersonate Ashley Madison users and gain access to, for example, corporate networks.
Additionally, the leak underscores poor security practices, including insufficient data encryption and poor data retention practices. Read the full post for background on the Ashley Madison hack and other privacy and security takeaways.