Tag: Ashley Madison

1
Ashley Madison data breach joint findings released
2
Ashley Madison Hackers Release User Data
3
Ashley Madison Data Security Breach

Ashley Madison data breach joint findings released

By Cameron Abbott and Rebecca Murray

The Australian Privacy Commissioner, Timothy Pilgrim and The Privacy Commissioner of Canada, Daniel Therrien have released a joint report on the data breach of cheating website Ashley Madison which affected approximately 36 million Ashley Madison user accounts last year. Read our post on the breach here.

Controversially, despite the company not having a physical presence in Australia, the Commissioners found that Ashley Madison’s parent company Avid Life Media (ALM) was regulated as an “APP entity” due to the fact that it carried on business and collected personal information in Australia. This finding was based on the fact that ALM conducted marketing in Australia, targeted Australian residents for its services and collected the personal information of Australians.

ALM agreed to a number of enforceable undertakings to the Commissioner. Amongst other things, ALM has undertaken to augment its security framework, provide extensive security training for staff and cease its practice of retaining the information of users with deleted, deactivated or inactive accounts. Consistent with the trend in undertakings it requires independent verification of certain compliance steps. Find the undertakings here.

It also seeks to address the accuracy of the records, which is a challenge for a cheating website. Letting someone sign up using for example Tony Blair’s email address captured the attention of the regulators. They focused on the interests under Privacy laws of those whose email addresses were falsely added to the sign up. A confirming email with an option to opt out was not considered an adequate measure.

Read more about the report here.

Ashley Madison Hackers Release User Data

By Cameron Abbott and Melanie Long

On 19 August 2015 the group known as ‘The Impact Team’, who a month earlier hacked into online affair website Ashley Madison, made good on its threat and released a “data dump” of Ashley Madison users’ personal information. A second and larger release of stolen data occurred 2 days later and appears to have included emails sent by Noel Biderman, Ashley Madison’s founder and CEO of parent company Avid Life Media.

Following the release of the stolen data, acting Australian Information Commissioner, Timothy Pilgrim, announced the launch of an investigation into the breach which is to be conducted in liaison with the Office of the Privacy Commissioner of Canada (where Avid Life Media is based). On 28 August 2015 Noel Biderman stepped down from his role as CEO of Avid Life Media.

Read the ABC news’ article in relation to the first data release here.

ABC news’ article relating to second data release can be found here.

The Office of the Australian Information Commissioner’s press release relating to its investigation can be found here.

 

Ashley Madison Data Security Breach

By Cameron Abbott and Melanie Long

On 19 July 2015 the Avid Life Media dating website Ashley Madison, which is aimed at married people who want to have an affair, was hacked by a group known as ‘The Impact Team’. The Impact Team has threatened to release users’ profiles if Ashley Madison and other Avid Life Media websites such as Established Men and Cougar life are not shut down. The Impact Team claims to have stolen the details (including names, addresses, credit card numbers and personal sexual fantasies) of over 37 million users.

The story was broken by Brian Krebs, a former cyber crime writer for the Washington Post, on his blog ‘Krebs on Security’. A link to his article, which includes a statement made by Avid Life Media following the hack, can be found here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.