The investigation conducted jointly by the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner found certain information security safeguards were insufficient or absent at the time of the hacking attack.
While the company did have some personal information protections in place, it fell short in implementing those measures, the report found.
Company officials later admitted they had fabricated the trustmark, and removed it.
The company also inappropriately retained some personal information after profiles had been deactivated or deleted by users and did not adequately ensure the accuracy of customer email addresses, the report said.
This meant some people who had never signed up for Ashley Madison were included in databases published online after the hack, it said.
Ashley Madison dating website: a joint investigation by the offices of the Australian and Canadian privacy commissioners has concluded that Avid Life Media, which operates the website, “had inadequate security safeguards and policies” in place prior to a July 2015 hack.
Photograph: Philippe Lopez/AFP/Getty The parent company of infidelity dating website Ashley Madison was responsible for numerous violations of privacy laws at the time of a massive release of customer data in a cyber attack last year, privacy watchdogs in Canada and Australia said on Tuesday.
The two countries launched an investigation after the 2015 breach of Avid Life Media’s computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan “Life is short.Have an affair.” The investigation found the Toronto-based company had inadequate safeguards in place, including poor password management and a fabricated security trustmark on the website’s home page.The company, recently rebranded as Ruby Corp, has entered into agreements with authorities in both countries to comply with investigators’ recommendations, which are enforceable in court.The company is also the target of a US Federal Trade Commission (FTC) investigation, Avid Life Media executives told Reuters in July.The FTC’s consumer protection unit investigates cases of deceptive advertising, including instances where consumers are told their information is secure but it is handled sloppily.The FTC could not immediately be reached for comment.