Security Market Segment LS
×

Warning

JUser: :_load: Unable to load user with ID: 3653
Wednesday, 25 June 2014 16:47

Cupid Media breaks heart of Privacy Commissioner after users hacked Featured

By

An online dating company has been slammed by Australia's privacy commissioner after it breached privacy laws, with hackers accessing the personal information of about 254,000 Australians.

Australian Privacy Commissioner Timothy Pilgrim announced today Cupid Media breached the Privacy Act by failing to take reasonable steps to secure data held on its websites.

Cupid, based in Southport on the Gold Coast, is a niche operator in the Australian dating website market, running more than 35 niche dating websites such as ChristianCupid, MilitaryCupid, SingleParentLove and other sites based on ethnicity, religion and location.

Hackers gained unauthorised access to Cupid servers in January last year and stole the personal information of what was believed to be 42 million users across the globe.

This number included over 250,000 Australian Cupid site users, and the data stolen included their full name, date of birth, email addresses and passwords.

The Office of the Information Commissioner (OAIC) did not receive a data breach notification from Cupid Media, and only opened the investigation following media reports.

The investigation found that Cupid Media breached the Privacy Act by failing to take “reasonable steps” to secure users’ personal information.

“Password encryption is a basic security strategy that may prevent unauthorised access to user accounts. Cupid Media insecurely stored passwords in plain text, and I found that to be failure to take reasonable security steps as required under the Privacy Act,” Pilgrim said in a statement.

In 2013, the company did not have password encryption processes in place, and it was found Cupid Media also failed to destroy or de-identify the details of people who had left the site.

“Holding onto old personal information that is no longer needed does not comply with the Privacy Act and needlessly places individuals at risk. Organisations must identify out of date personal information and have a system in place for securely disposing of it,” Pilgrim said.

"Installation of malicious software (malware) detection and prevention software (including antivirus software) is a reasonably affordable security step that can assist organisations to prevent attacks by malicious hackers and the damage caused by malware," he said.

Pilgrim did note however that Cupid Media subsequently took a number “of remedial steps” including the adoption of password encryption following the breach.

The company also sent out notifications to all affected users and encouraging them to reset their passwords, and analysed server logs and tracked the hack method to ensure the breach had been contained.

Pilgrim's advice to Australians who use dating websites is to update their privacy settings regularly, change their passwords and “be careful” about the personal information they share online.

“You don’t want to become a victim of identity theft or a scam,” he said.

The Commissioner noted Cupid’s collaborative and cooperative approach in working with the Office of the Australian Information Commissioner (OAIC) during the investigation, as well as the significant remedial steps taken by Cupid in response to the data breach.

‘I encourage organisations to proactively notify the OAIC of a data breach so that we can work with them and assist with appropriate remediation if necessary’.

The OAIC has issued a data breach notification guide that outlines steps businesses and agencies can take to respond to, and mitigate the results of, data breaches.

For more information about how to recognise, avoid and report scams visit the SCAMwatch website.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments