Ashley Madison data breach
Ashley Madison data breach — investigation commenced
25 August 2015
The Acting Australian Information Commissioner Timothy Pilgrim has opened an investigation into a data breach of the dating website Ashley Madison.
Avid Life Media Inc, the company that operates the Ashley Madison website, is based in Canada and, recognising the global nature of this incident, the Commissioner’s investigation will be conducted jointly with the Office of the Privacy Commissioner of Canada.
All organisations that carry on business in Australia and are covered by the Privacy Act 1988 (Privacy Act) have obligations in relation to the personal information that they hold. This includes taking reasonable steps to ensure that personal information is held securely. The Office of the Australian Information Commissioner’s (OAIC) investigation will focus on this issue.
Avid Life Media has already been co-operating with the OAIC since it began making preliminary inquiries following news that the breach had occurred. The OAIC will publish a further statement at the conclusion of its investigation, outlining its findings.
All individuals have the right to expect that their personal information will be managed in accordance with the Privacy Act. If individuals have concerns about how Ashley Madison have handled their personal information, they can complain directly to Ashley Madison by contacting firstname.lastname@example.org or 1800 885 723, or contact the OAIC’s Enquiries line on email@example.com or 1300 363 992.
Ashley Madison data breach
20 August 2015
The parent company of the Ashley Madison site, Avid Life Media Inc., is based in Canada. The Office of the Privacy Commissioner of Canada is in communication with Avid Life Media to determine how the breach occurred and what is being done to mitigate the situation. The Office of the Australian Information Commissioner (OAIC) has been liaising with the Office of the Privacy Commissioner of Canada regarding the breach, and has also been in contact with Avid Life Media directly about this issue.
The OAIC would urge those people reporting on the story to be cautious about republishing personal information that has been disclosed as part of this breach, or contacting individuals who have been identified in the published database. Initial reports suggest that some of the information contained in the published database is not accurate. Examples have already emerged of registered email addresses that contain the personal information of individuals who have not used the Ashley Madison site. Other standards or laws may also apply to journalists republishing personal information that has been exposed by this hack, particularly if there is no public interest justification in publishing individual details in order to report the wider story.