A presentation leaked by Impact Team shows that the company made $1.7 million in 2014 by charging users $19.00 to remove all of their personal information form the website.
"Users of the service want full discretion, they can pay to eliminate any trace of themselves from the site," the slide explains.
However, the leaked records show otherwise. One record posted by Impact Team shows the customer with a "paid delete" status, but purchase records kept by the company enabled the group to determine the customer and all of his account details.
[Note: Last year, Ars Technica covered this topic as it relates to Ashley Madison. The story offers additional information on the topic of paying to remove member data.]
In their announcement, Impact Team offered an apology to Mark Steele (ALM Director of Security).
"You did everything you could, but nothing you could have done could have stopped this."
ALM CEO Noel Biderman told journalist Brian Krebs that it's possible the attackers worked for his company at one point and had legitimate internal access.
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication. I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services," Biderman said.
"We're not denying this happened," he added. "Like us or not, this is still a criminal act."
The company has made no other public statements. A search of the Ashley Madison and ALM websites on Sunday evening turned up no public disclosure or notice related to the incident.
Sign up for CIO Asia eNewsletters.