The website for cheaters, Ashley Madison, that was hit by a massive hack that exposed millions last year has agreed to bolster its data security after Australian and Canadian investigations found it to be "insufficient or absent," officials said Tuesday.
A joint investigation by the offices of the Australian and Canadian privacy commissioners concluded after more than one year that Avid Life Media, which operates the website, "had inadequate security safeguards and policies" in place prior to the July 2015 hack.
It also found that the company sought to deceive clients with a "phoney security trustmark" on its homepage meant to reassure users by suggesting it used a high level of security.
"Privacy breaches are a core risk for any organization with a business model based on the collection and use of personal information," Canadian Privacy Commissioner Daniel Therrien said in a statement.
"Where data is highly sensitive and attractive to criminals, the risk is even greater. Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable."
A report released by Therrien's office pointed to inadequate authentication processes for employees accessing the company's system remotely, careless storage of encryption keys and poor password protections.
The company, which rebooted under new leadership as an "open-minded dating" service last month, has agreed to bring its systems into compliance.
The website for cheaters, Ashley Madison, that was hit by a massive hack that exposed millions last year has agreed to bolster its data security after Australian and Canadian investigations found it to be “insufficient or absent,” officials said Tuesday.
A joint investigation by the offices of the Australian and Canadian privacy commissioners concluded after more than one year that Avid Life Media, which operates the website, “had inadequate security safeguards and policies” in place prior to the July 2015 hack.
It also found that the company sought to deceive clients with a “phoney security trustmark” on its homepage meant to reassure users by suggesting it used a high level of security.
“Privacy breaches are a core risk for any organization with a business model based on the collection and use of personal information,” Canadian Privacy Commissioner Daniel Therrien said in a statement.
“Where data is highly sensitive and attractive to criminals, the risk is even greater. Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable.”
A report released by Therrien’s office pointed to inadequate authentication processes for employees accessing the company’s system remotely, careless storage of encryption keys and poor password protections.
The company, which rebooted under new leadership as an “open-minded dating” service last month, has agreed to bring its systems into compliance.
