Data breaches don't get much worse for victims than the 1 that hit the infidelity-matching site Ashley Madison this week.
Hackers who had previously broken into the site's servers and stolen many gigabytes' worth of its most sensitive data on users apparently dumped that data on to the Internet. Now it's available to anyone with a PC, a BitTorrent program and an Internet connection to download, and several sites have been set up to search the database for a particular name or email address.
Moral judgments aside, Ashley Madison customers affected by the hack now have a problem that may be even bigger than explaining their presence on the site to a significant other: ID theft.
Along with information like names, addresses and the type of extramarital arrangement they were looking for, the hack exposed information on 9,693,860 credit and debit card transactions conducted on the site since 2008, according to The Verge.
The full card numbers and billing addresses were redacted, according to an analysis of the data by Ars Technica. But it seems likely that The Impact Team -- the hackers who perpetrated the breach -- have the full payment info, and there's nothing stopping them from selling it on the black market. With that information, criminals could attempt to clone Ashley Madison users' debit and credit cards to commit fraud, or conduct a full-scale identity theft campaign.
While the 39 million Ashley Madison users who were outed in the attack probably have plenty of other stuff to deal with right now, it might be a good idea for them to contact the bank that issued whatever debit or credit cards they used on the site and order new ones. If they're really worried, a credit freeze may be a good idea.
Bankrate also has a free tool called myBankrate that allows anyone to keep an eye on their credit report in case anyone tries to open up new accounts in their name, which might prove useful to those caught up in the hack.
Anyone out there dealing with fallout from the Ashley Madison hack? Any ID theft or fraud problems yet?
Follow me on Twitter: @claesbell.