The parent companies of Toronto-based AshleyMadison.com have been hit with a Canadian class action lawsuit for a massive breach of sensitive user information, as the hackers responsible claim to have released a second batch of stolen data.

The lawsuit alleges the privacy of thousands of Canadians was compromised when the first leak of personal information emerged online Tuesday.

The enormous trove included the full names, street addresses and partial credit card numbers of 1.2 million customers who had paid for the infidelity-promoting online dating service.

The Star is not publishing any of the names uncovered in the data. The information cannot be verified, and the credit card information may have been falsified or the owner a victim of identity theft. All of the site’s members are consenting adults.

So far, Eliot Shore of Ottawa is the only plaintiff in the action, which was filed in Windsor, Ont., late Thursday afternoon. A disabled widower, Shore says he used the site for a short time after his wife of 30 years died last year, and never used it to meet anyone in person.

“I’m not cheating on anybody,” Shore said.

“Unfortunately, my wife passed away of breast cancer last year. I was just looking for a little bit of company. But that was the extent of it. I sent a few emails. I never met a soul though.”

The Impact Team, the anonymous group of hackers that claims responsibility for the data dump, is not named in the lawsuit. Ted Charney of Charney Lawyers, one of the two firms that filed the suit, alleges Ashley Madison is ultimately responsible.

“The subscribers were purchasing a service from Ashley Madison, and the main ingredient of the service was confidentiality and anonymity in using the website. That is the way Ashley Madison sold the product,” Charney said in an interview. “If they were not able to protect people and maintain their confidentiality, then in our opinion, they are liable for the privacy breach.”

If the suit is certified, Charney estimated it could be worth $760 million, depending on how many Canadians sign up. He said that 50 people had already been in touch about joining.

Ashley Madison did not immediately return a request for comment. After the original breach, parent company Avid Life Media Inc. condemned the hack as an “act of criminality” and said it was working with law enforcement on both sides of the border.

“It is an illegal action against the individual members of AshleyMadison.com,” the company said in a statement.

Apparently undeterred, Impact Team claimed to have struck again on Thursday, updating their original message on the dark web — a part of the Internet not reachable by search engines — to announce a second batch of data was available for the public to download.

“Hey Noel, you can admit it’s real now,” the message said, presumably directed at company CEO Noel Biderman.

This release has not yet been verified, but is roughly double the size of Tuesday’s files.

The sheer scope and personal nature of the data that became public earlier this week continue to emerge.

More than 823,000 of the 9.6 million credit card transactions are recorded as having a Canadian street address. Those purchases, which date back to 2008, amount to more than $50 million in total.

The contact fields of the detailed credit card transactions include more than a dozen federal email addresses linked to government departments including the Canadian Forces and the RCMP.

The breach has also revealed that hundreds of U.S. government employees, including some with sensitive jobs in the White House, Congress and law enforcement agencies, used Internet connections in their federal offices to access and pay membership fees to Ashley Madison.

The Associated Press traced many of the accounts exposed by hackers back to U.S. federal workers. They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.

A portion of the dumped data contains the personal details the dating site’s users listed on their profiles, such as their date of birth, height, weight, eye colour and ethnicity. There are more than 36 million profiles, although that number is almost certainly inflated by accounts that are inactive or fake.

In the wake of the breach, several websites sprang up offering to help suspicious spouses search the leaked information for their partner.

But the company investigating the breach for Ashley Madison confirmed Thursday the website doesn’t verify email addresses used to sign up for the service.

“This means that anyone could have used any email address to sign up for an account,” Joel Eriksson, the chief technology officer for Toronto cybersecurity company Cycura, said in an email.

“So a list of email addresses is not proof of anyone’s membership.”