It’s been almost two years since extramarital affair website Ashley Madison was hacked and had its members’ details exposed online. Now, the firm’s parent company is paying the price for its security failings.

Ruby Corp, formerly known as Avid Life Media, has agreed to settle a class-action lawsuit filed on behalf of the 37 million users who found their personal information leaked online in August 2015.

While the company denies any wrongdoing, it has agreed to compensate US residents that used the website on or before 20 July 2015, who “submit valid claims for alleged losses resulting from the data breach and alleged misrepresentations.” Class members are set to receive up to $3500 based on their documented losses, once a federal judge approves the settlement.

Ruby’s statement on the matter may come as a relief to those who appeared in the leak. It claims that the account credentials were not verified for accuracy and some may have been created using other individuals’ information. Meaning that even if a person's name did appear in the data dump, they might not have been an Ashley Madison member, apparently.

Reuters reports that the breach cost Ruby Corp more than a quarter of its revenue, and resulted in it spending millions of dollars to improve security and user privacy.

This is the second time Ruby Corp has made a payout while denying liability. The company paid $1.6 million last December to settle an FTC probe into its lax security and deceptive practices – millions of “female” accounts on the site were actually bots operated by Ashley Madison.

The fallout from the 2015 incident was extensive. It led to some members of Ashley Madison, which used the slogan "Life is short. Have an affair," losing their jobs and families. It even caused a small number of reported suicides, including that of a priest in Louisiana.