The settlement demands a "comprehensive" data security program that includes periodic security risk assessments (both internal and third-party) and "reasonable safeguards" against any potential attacks identified in those reports. Ashley Madison also has to be more truthful. It can't offer fake users, display bogus security awards or retain data from customers despite promising to wipe it clean. That last point is a sore one -- the site charged $19 for a "Full Delete" that supposedly eliminated all traces of your account, but hackers managed to get that info regardless.

Australia and Canada (Ashley Madison's home turf) have reached their own settlements, in part through data shared from the FTC.

It's doubtful that the penalty will change minds about Ashley Madison, at least not in the short term. It's been over a year since the July 2015 hack, and it will take a while longer to find out how well the infidelity site honors regulators' demands. Still, it brings a basic level of closure to those burned by Ashley Madison's willingness to play fast and loose with the truth.