08:34 PM

Fallout From AOL's Data Leak Just Beginning

The fallout from AOL's unintended release of personal search data of 658,000 subscribers could include fines, lawsuits, and changes in law and policy regarding search queries.

AOL's release of subscribers' search data is an unprecedented event that could spark a change in Internet privacy rules or it could spark a series of lawsuits, according to experts.

Parry Aftab, executive director of, which claims to be the world's largest Internet safety and help group, said that if AOL violated its own privacy policy: "A lot of lawyers are going to be looking at the damages here. What were they thinking?"

Andrew Weinstein, AOL spokesperson, said during an interview Wednesday that the company's research team ignored internal policies by deciding to publish search terms on an open Web site designed to help academics. They did not vet their plan through AOL's privacy team, he said. They attached the information to user identification numbers intended to protect subscribers' anonymity.

Some users had searched their own names, telephone numbers and other information that, when combined, can be used to identify them.

Though Weinstein said that AOL did not violate its own privacy policy or federal laws prohibiting disclosure of private information to third parties, lawyers and privacy advocates disagreed.

During an interview Wednesday, Aftab described the people at AOL as being among the most trustworthy in the industry and said the release of information was uncharacteristic for a company that helped draft best practices. Still, she said that, if the Federal Trade Commission (FTC) finds that AOL violated its privacy agreement, it could fine the company.

"There could be really serious consequences," she said. "The lawyers and regulators will be all over this. The FTC has given fines in the millions of dollars for breaching privacy, but the real cost is going to be the brand."

Aftab said the very actions she takes to protect her privacy could have resulted in the publication of previously undisclosed facts. She said she searches her name, social security number, cell phone number and other data to make sure it has not been published on the Web.

In addition to searches that centered on health, financial and other carefully guarded topics, the data included taboo subjects like incest, masturbation and bestiality. Though AOL removed the information, mirror sites copied the data, which includes searches for anonymous help groups like Alcoholics Anonymous, as well as queries on issues like

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 23, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll