PRIVACY COMMISSIONER FINDS CUPID MEDIA IN BREACH -
Earlier last week the Australian Privacy Commissioner found that Cupid Media Pty Ltd (Cupid), the operator of over 35 niche online dating websites, failed to take reasonable steps to secure personal information held on its websites and had therefore breached its obligations under the Privacy Act. The investigation was prompted by media allegations that the personal information of Cupid users, including full names, email addresses, passwords and dates of birth had been found on a server operated by hackers. The nature of the niche dating websites also meant that the hackers had access to sensitive information including users' sexual orientation, religious affiliations and racial and ethnic origins.
The Privacy Commissioner's report indicates that in January 2013 Cupid identified a rogue file on its servers. Cupid's investigations into the rogue file found that hackers had exploited a vulnerability in the application server platform which allowed them to access Cupid's databases. A patch for the vulnerability had been released days before the attack, however Cupid had not received notice from the developer that the patch was available (despite this being the usual practice). Cupid promptly applied the patch after becoming aware of its existence which prevented the hackers from obtaining further data.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.