Canadian Security Magazine

News Data Security
Privacy officials: Ashley Madison’s security was inadequate

Privacy officials in Canada and Australia have found that while Ashley Madison marketed itself as a discreet and secure service, the site for married people seeking affairs in fact had inadequate security safeguards and policies.

More than a year after a massive data breach that made international headlines, the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner say their investigation into Ashley Madison has identified numerous violations of the privacy laws of both countries.

In a report released Tuesday, the two agencies say there was a lack of a comprehensive privacy and security framework, even though the site’s parent company knew how important it was, and even went so far as to place a fake security trustmark icon on its home page to reassure users.

Though the company did have some security measures in place, the report found several issues, including inadequate authentication processes for employees accessing the company’s system remotely and poor key and password management practices.

Last year’s hack exposed the personal dealings and financial information of millions of purported clients.


Ashley Madison’s parent company, Ruby Corp. — formerly known as Avid Life Media — has said the cyberattack cost it about a quarter of its annual revenue.

News from © Canadian Press Enterprises Inc. 2016