A joint investigation by the Canadian and Australian governments looking at the hack of Ashley Madison found that the adult dating site lacked the proper safeguards to protect the personal information of its customers.
The report noted that despite placing several labels on the Ashley Madison homepage declaring the website secure, Avid Life Media (ALM), the site's parent organization, in reality did not safeguard the data in its possession.
“The Commissioners are of the view that ALM did not have appropriate safeguards in place considering the sensitivity of the personal information under PIPEDA [Personal Information Protection and Electronic Documents Act], nor did it take reasonable steps in the circumstances to protect the personal information it held under the Australian Privacy Act,” the report stated.
The report also found staff security training was lacking, it did not regularly assess security threats and the site retained user data indefinitely. ALM also retained user data after accounts were deactivated, which goes against the company's stated policy.