Love in the time of the NPP: privacy commissioner finds Cupid Media in breach

The Australian privacy commissioner has found that Cupid Media, the operator of more than 35 niche online dating websites, failed to take reasonable steps to secure personal information held on its websites and had therefore breached its obligations under the Privacy Act. The investigation was prompted by media allegations that the personal information of Cupid users, including full names, email addresses, passwords and dates of birth, had been found on a server operated by hackers. The nature of the niche dating websites also meant that the hackers had access to sensitive information including users’ sexual orientation, religious affiliations and racial and ethnic origins.

The privacy commissioner’s report indicates that in January 2013 Cupid identified a rogue file on its servers. Cupid’s investigations into the rogue file found that hackers had exploited a vulnerability in the application server platform that allowed them to access Cupid’s databases. A patch for the vulnerability had been released days before the attack. However, Cupid had not received notice from the developer that the patch was available (despite this being the usual practice). Cupid promptly applied the patch after becoming aware of its existence, which prevented the hackers from obtaining further data.

At the time of the data security breach, the Australian Privacy Principles (APPs) were not yet in force. Accordingly, the privacy commissioner considered whether Cupid had complied with the following National Privacy Principles, which required organisations to take reasonable steps to protect the personal information they hold from misuse and loss and from unauthorised access, modification or disclosure…

Click on the link below to read the rest of the DLA Piper briefing.

Sign in or Register to continue reading this article

Sign in

Register

It's quick, easy and free!

It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.

Register now

Why register to The Lawyer

 

Industry insight

In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.

 

Market intelligence

Identify the major players and business opportunities within a particular region through our series of free, special reports.

 

Email newsletters

Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.

More relevant to you

To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.

Briefings from DLA Piper

View more briefings from DLA Piper

Analysis from The Lawyer

View more analysis from The Lawyer

Overview

3 Noble Street
London
EC2V 7EE
UK
http://www.dlapiper.com

Turnover (£m): 1,566.29
No. of lawyers: 3,961 (UK 200)
Jurisdiction: global
No. of offices: more than 75
No. of qualified lawyers: 625 (International 50)

Jobs