The city of Plano said it is investigating at least two employees after their city email addresses appeared on a list linked to a website for cheaters.
The information came to light after hackers posted millions of account holders' email addresses they claimed to have stolen from AshleyMadison.com, the matchmaking website geared toward men and women who want to cheat on their spouses.
"The city’s policy allows personal use of the city's email accounts if it does not interfere with employees' work responsibilities or productivity. However, the use must be proper and in compliance with the parameters outlined in the policy," said city of Plano Human Resources Director Shanté R. Akafia. "We find it unfortunate that an employee of the city of Plano allegedly elected to use an official work email account for an inappropriate personal purpose such as this. Therefore, we have begun the process of investigating this matter."
Akafia would not reveal any other details about the employees involved, citing that it was a personnel issue.
Before releasing the information, a group calling itself Impact Team said the site's owners had not bowed to their demands, so "now everyone gets to see their data."
The list appears to have exposed the names, email addresses and credit card numbers for millions of users, as well as the amounts they paid.
Neither NBC nor the Associated Press has been able to determine the authenticity of the leaked documents, but several security analysts who have scanned the data say they believe the dump is genuine. One of them, Errata Security CEO Rob Graham, said he had counted more than 36 million accounts, although he said many appeared to be bogus.
The Canadian-based website said the data release is "an act of criminality" and an "attack on freethinking people who choose to engage in fully lawful online activities."
Meanwhile, the website's owner, Toronto-based Avid Life Media Inc., said it is cooperating with Canadian and U.S. authorities who are investigating the computer hack, and studying the data to see if it was really stolen from the website.