Security Market Segment LS


JUser: :_load: Unable to load user with ID: 3653
Wednesday, 25 June 2014 16:47

Cupid Media breaks heart of Privacy Commissioner after users hacked Featured


An online dating company has been slammed by Australia's privacy commissioner after it breached privacy laws, with hackers accessing the personal information of about 254,000 Australians.

Australian Privacy Commissioner Timothy Pilgrim announced today Cupid Media breached the Privacy Act by failing to take reasonable steps to secure data held on its websites.

Cupid, based in Southport on the Gold Coast, is a niche operator in the Australian dating website market, running more than 35 niche dating websites such as ChristianCupid, MilitaryCupid, SingleParentLove and other sites based on ethnicity, religion and location.

Hackers gained unauthorised access to Cupid servers in January last year and stole the personal information of what was believed to be 42 million users across the globe.

This number included over 250,000 Australian Cupid site users, and the data stolen included their full name, date of birth, email addresses and passwords.

The Office of the Information Commissioner (OAIC) did not receive a data breach notification from Cupid Media, and only opened the investigation following media reports.

The investigation found that Cupid Media breached the Privacy Act by failing to take “reasonable steps” to secure users’ personal information.

“Password encryption is a basic security strategy that may prevent unauthorised access to user accounts. Cupid Media insecurely stored passwords in plain text, and I found that to be failure to take reasonable security steps as required under the Privacy Act,” Pilgrim said in a statement.

In 2013, the company did not have password encryption processes in place, and it was found Cupid Media also failed to destroy or de-identify the details of people who had left the site.

“Holding onto old personal information that is no longer needed does not comply with the Privacy Act and needlessly places individuals at risk. Organisations must identify out of date personal information and have a system in place for securely disposing of it,” Pilgrim said.

"Installation of malicious software (malware) detection and prevention software (including antivirus software) is a reasonably affordable security step that can assist organisations to prevent attacks by malicious hackers and the damage caused by malware," he said.

Pilgrim did note however that Cupid Media subsequently took a number “of remedial steps” including the adoption of password encryption following the breach.

The company also sent out notifications to all affected users and encouraging them to reset their passwords, and analysed server logs and tracked the hack method to ensure the breach had been contained.

Pilgrim's advice to Australians who use dating websites is to update their privacy settings regularly, change their passwords and “be careful” about the personal information they share online.

“You don’t want to become a victim of identity theft or a scam,” he said.

The Commissioner noted Cupid’s collaborative and cooperative approach in working with the Office of the Australian Information Commissioner (OAIC) during the investigation, as well as the significant remedial steps taken by Cupid in response to the data breach.

‘I encourage organisations to proactively notify the OAIC of a data breach so that we can work with them and assist with appropriate remediation if necessary’.

The OAIC has issued a data breach notification guide that outlines steps businesses and agencies can take to respond to, and mitigate the results of, data breaches.

For more information about how to recognise, avoid and report scams visit the SCAMwatch website.

Read 4960 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News