Love In The Time Of The NPP



Earlier last week the Australian Privacy Commissioner found that Cupid Media Pty Ltd (Cupid), the operator of over 35 niche online dating websites, failed to take reasonable steps to secure personal information held on its websites and had therefore breached its obligations under the Privacy Act. The investigation was prompted by media allegations that the personal information of Cupid users, including full names, email addresses, passwords and dates of birth had been found on a server operated by hackers. The nature of the niche dating websites also meant that the hackers had access to sensitive information including users' sexual orientation, religious affiliations and racial and ethnic origins.

The Privacy Commissioner's report indicates that in January 2013 Cupid identified a rogue file on its servers. Cupid's investigations into the rogue file found that hackers had exploited a vulnerability in the application server platform which allowed them to access Cupid's databases. A patch for the vulnerability had been released days before the attack, however Cupid had not received notice from the developer that the patch was available (despite this being the usual practice). Cupid promptly applied the patch after becoming aware of its existence which prevented the hackers from obtaining further data.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.