The Australian Privacy Commissioner concluded its investigation of Cupid Media and found that the company breached the country's Privacy Act 1988 by failing to secure users' personal information.

The government ruling comes after the dating website group announced that 254,000 of its users' names, dates of birth, email addresses and passwords were stolen in a January 2013 breach, according to a press release. The commissioner's investigation of the breach found that Cupid Media had no password encryption processes in place during the breach.

However, because of its cooperation and remedial response, Cupid Media has no fines to pay or further steps to follow.

Initial reports said that up to 42 million users' information was compromised and a large chunk of the users used ‘123456' as their password.