SACRAMENTO -- The release of hacked data from the self-proclaimed cheater site Ashley Madison could be disastrous for more than just marriages. For some of the thousands of people who used their work e-mail addresses to sign up on the website -- including more than a few in government -- the fallout could spill over to their professional lives.

A Chronicle review of the data dump found that scores of California residents used e-mail accounts issued to them by city, county and state agencies as well as public schools and universities. There are prison guards, professors, safety regulators, court employees and cops. At least two people appear to have used their San Francisco city government e-mail to log on.

"This is concerning," said Susan Gard, chief of policy for San Francisco's Human Resources Department.

While security experts believe the data to be authentic, it's possible that some accounts were created with phony e-mail addresses. Still, Gard said the city was taking the issue seriously and planned to investigate the potential misuse of government-issued e-mail addresses. City policy states that misuse of e-mails could result in disciplinary action or termination.

"This is about integrity of our city work force and appropriate use of work resources," Gard said. "We don't know anything yet. We will look into the situation and whether there was inappropriate use of e-mail going on."

Use taken seriously

In a statement, state Department of Technology spokeswoman Teala Schaff said, "Any misuse of state resources is a concern and is taken seriously and investigated accordingly."

Bill Sessa, a spokesman for the state corrections department, said a quick scan of the list of agency employees with purported Ashley Madison accounts appeared to reveal fake e-mails.

The scope of the hack reaches far beyond the Bay Area. Hundreds of U.S. government workers -- including many with sensitive jobs in the White House and the Justice Department -- used Internet connections from inside federal offices to log onto Ashley Madison, according to the Associated Press.

E-mail addresses linked to military personnel have also raised concerns. The Marine Corps is investigating hundreds of e-mail accounts in the hacked data linked to the Ashley Madison site and an affiliated site, Established Men, which promises to connect beautiful women with wealthy men, said U.S. Marine Corps spokesman Maj. Christian Devine in a statement.

"What were they thinking?" asked Deborah Rhode, a Stanford law professor. "I think it reflects a culture in which people's work and personal lives spill over, especially when it comes to technological issues."

Rhode said many people don't think anything of doing Christmas shopping online while at work, or responding to work e-mails on their own time from their home computer.

"There's a kind of rationalization that a lot of them work from home, so it's a two-way street -- if they are doing work-related things on personal time, what's the problem with doing personal things on work time?" she said.

Rhode said many companies have policies against the private use of work equipment, which could put jobs in danger. But companies going as far as firing someone in the wake of the Ashley Madison scandal is unlikely, she said.

"I think there would be a real reluctance to single out a few people just because this personal use is so offensive, when the vast majority of people get away with it," Rhode said. "That said, I think the shaming option is a pretty good one. Expose them."

Stanley Goldman, a professor at Loyola Law School in Los Angeles who teaches ethics, said companies might be reluctant to dismiss an employee for being on the list.

"There is no doubt employers are afraid of lawsuits more than they are of bad publicity," Goldman said.

"If you had a professor on one of those sites, some school might find it violates some sort of principle they have," he said. "But if the professor is tenured, it might be very difficult to get rid of them. The school might be buying its way into a lawsuit."

Hundreds of e-mail addresses tied to universities showed up in the hack, including from UC Berkeley, UCLA and UC San Francisco.

A California state employee whose information was exposed by the hack told The Chronicle that he may have created the profile on Ashley Madison, "but I can certainly say definitely I never used the services." The employee, who spoke on condition of anonymity, said he didn't remember creating a user name and that his heart sank when contacted Thursday about his use of the site.

"The (personal) violation is all the more stark when you get called," he said. "It's incredibly uncomfortable."

The worker said he used his government e-mail for a "vast majority" of his communications. He said he planned to speak to his wife, but would hold off on talking to his bosses.

The anonymous hackers, who identified themselves as Impact Group, released another set of hacked data said to be from the Ashley Madison site Thursday.

The hackers warned Avid Life Media, the owner of Ashley Madison, that if the sites weren't shut down, the group would release "all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and e-mails."

Taunting from hackers

The hackers toyed with Avid Life Media, calling their conquest easy.

"For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off," the group wrote after dumping the data on the dark Web.

Within hours, several websites popped up offering search engines that allowed people to hunt for the names of spouses and others. The engines made it easy for companies and government agencies to search for employees, if they had the inclination.

Melody Gutierrez and Emily Green are San Francisco Chronicle staff writers. E-mail:, Twitter: @MelodyGutierrez and @EmilyTGreen


©2015 San Francisco Chronicle

Visit the San Francisco Chronicle at

Distributed by Tribune Content Agency, LLC.