The owner of dating site Ashley Madison has agreed to pay $1.6 million to settle a Federal Trade Commission investigation and state charges related to the huge 2015 data breach, the FTC announced Wednesday.

“This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” FTC Chairwoman Edith Ramirez said in a news release. “The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users’ personal information from criminal hackers going forward.”

Ruby, the Canadian company that owns Ashley Madison, said the proposed settlement will help the company and its members move on.

“Today’s settlement closes an important chapter on the company’s past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company,” said chief executive Rob Segal in a statement. Segal was appointed in April and has sought to rebrand the company, including changing its name from Avid Life Media to Ruby.

The Ashley Madison hack was notable in part because the site aimed to help people discretely cheat on their significant others, yet the data breach left personal information about its users exposed. Hackers who called themselves the Impact Group posted a large cache of data stolen from the site online, which was quickly turned into a searchable database that wreaked havoc on some users’ lives.

It also revealed that the site created fake users to lure men into paying for premium messaging service — a practice the FTC calls deceptive has cracked down on before.

Ruby has since said it stopped using bots. Under the terms of the proposed settlement Ruby would be barred from using such deceptive practices in the future and required to set up a comprehensive security plan, according to the FTC.

The proposed settlement calls for an $8.75 million judgment against Ruby, but the company won't actually be on the hook for that amount. Instead, the bulk of that figure will be “partially suspended” after it pays $828,500 to the commission, according to the FTC’s news release. Ruby will also have to pay $828,500 to a coalition of 13 states and the District of Columbia which worked with the FTC on the settlement. The total amounts to more than $1.6 million. If the government finds that the company misrepresented its financial circumstances, then Ruby may have to pay the full judgment. The deal will become official once a federal district court judge signs off on it.

Ruby had already entered into a compliance agreement with Canadian privacy regulators that requires the company to improve its security and made similar arrangements with Australian authorities. Officials from both countries collaborated on an earlier investigation of the breach and assisted the FTC's investigation, according to the agency’s news release.

“In the digital age, privacy issues can impact millions of people around the world,” Canadian Privacy Commissioner Daniel Therrien said in a statement. “It’s imperative that regulators work together across borders to ensure that the privacy rights of individuals are respected no matter where they live.”