Ashley Madison's Parent Company Violated Privacy Laws in Canada, Australia
The two countries launched an investigation after the 2015 breach of Avid Life Media Inc's computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan 'Life is short. Have an affair.'
A photo illustration shows the Ashley Madison website displayed on a smartphone in Toronto, August 20, 2015. REUTERS/Mark Blinch
Ottawa: The parent company of infidelity dating website Ashley Madison was responsible for numerous violations of privacy laws at the time of a massive release of customer data in a cyber attack last year, privacy watchdogs in Canada and Australia said on Tuesday.
The two countries launched an investigation after the 2015 breach of Avid Life Media Inc's computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan "Life is short. Have an affair."
The probe found the Toronto-based company had inadequate safeguards in place, including poor password management and a fabricated security trustmark on the website's home page.
The company, recently rebranded as Ruby Corp, has entered into agreements with authorities in both countries to comply with investigators' recommendations, which are enforceable in court.
The company is also the target of a US Federal Trade Commission investigation, Avid Life Media executives told Reuters in July.
The FTC's consumer protection unit investigates cases of deceptive advertising, including instances when consumers are told that their information is secure but then it is handled sloppily.
The FTC could not immediately be reached for comment.
The investigation conducted jointly by the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner found that certain information security safeguards were insufficient or absent at the time of the hacking attack.
While the company did have some personal information protections in place, it fell short in implementing those measures, the report found. For instance, it said some passwords and encryption keys were stored as plain, identifiable text on the company's systems.
At the time of the breach, Ashley Madison's home page displayed various trustmarks suggesting a high level of security, including an icon labelled "trusted security award," the report said. Company officials later admitted they had fabricated the trustmark and removed it.
The company also inappropriately retained some personal information after profiles had been deactivated or deleted by users and did not adequately ensure the accuracy of customer email addresses, the report said. This meant that some people who had never signed up for Ashley Madison were included in databases published online after the hack, it said.
Among the investigators' recommendations, Ruby will have until the end of the year to complete a review of the protections it has in place for the protection of personal information. The company said on Tuesday the review was a key priority and already underway.
Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.
Recommended For You
- Saif Ali Khan, Kareena Kapoor, Taimur Forget Way to Pataudi Palace, Locals Catch Them for Selfies
- Priyanka Chopra Plans the Perfect Birthday Outing for Nick Jonas
- After Burning it Out at The Gym, Disha Patani Slays the Dance Floor with Killer Moves
- If Your iPhone Has a True Depth Camera, You Can Now Take 3D Selfies on Snapchat
- Cristiano Ronaldo Says Sex with Girlfriend is Better Than his Best Goal