A group of “hacktivists” claiming to possess troves of user data stolen from the affair-arrangement site Ashley Madison appeared Tuesday to carry out its threat to leak the private data if the site wasn’t taken down.
The 9.7-gigabyte encrypted file now online purports to reveal the personal data of over 30 million Ashley Madison users, including their login details, payment transactions, names, street addresses and, yes, their self-described sexual fantasies. And one analysis of the massive data dump has left email and IT experts especially intrigued: Some 15,000 Ashley Madison accounts are registered to the .gov and .mil domains that host government and military email accounts.
Not all these government-related email addresses are likely to belong to authentic Ashley Madison users; the site doesn’t require its free users to validate their emails. But there’s a high likelihood a few would-be cheaters felt perfectly ok to use their work emails to sign up to cheat on their partners. What on earth were they thinking?
Will Schwalbe, co-author with David Shipley of SEND: Why People Email So Badly and How to Do It Better, has some answers: Employees who use a single device can easily blur the line between work and personal affairs, he says, and simply forget how exposed they are. Others might deliberately take a risk with their work accounts if they fear their other email accounts might be accessible by their spouses.
But there may be a lesson in these users apparent recklessness even for those who don’t frequent sites intended to set up affairs.
“The danger of using work email for personal business is that, if there’s some kind of legal issue that comes up at your workplace involves having to investigate emails, then every single thing you’ve done with your email work address is fair game,” Schwalbe says.
Lawyers agree the law in this case is on the employers’ side. “Courts have more or less unanimously determined that an employee who uses his or her work email for personal communications extinguishes an expectation of privacy,” says Anthony Oncidi, a Los Angeles-based labor and employment attorney at law firm Proskauer Rose.
And if you’re dallying on adult sites using your work address, that may be grounds for dismissal. While most jurisdictions prevent employers from taking adverse action against employees who, for example, engage in lawful but frowned-upon conduct when outside the office, companies are free to set their own rules when it comes to using work accounts for personal matters.
“[Under these circumstances] it wouldn’t really matter that it’s AshleyMadison.com, it could be a more innocuous website,” Oncidi says. “It’s still evidence that you’re using your work email address for something that clearly has nothing to do with the business.”
As Ashley Madison continues to probe the data theft, experts say there’s one simple lesson that all observers, federal government employees and beyond, should learn — that no one is too important to review some Email 101.
“People sometimes think, ‘What can be more basic than email?’” Schwalbe says. “But actually, it’s the single most dangerous piece of equipment in the office.”