The dating website Ashley Madison was in violation of Australian and Canadian privacy laws at the time when it suffered a security breach last year.
Australian and Canadian authorities carried out a joint investigation into the breach and made this finding in a report which has been released today.
Avid Life Media, the owner of the website, has been asked to enhance privacy safeguards, amend information retention practices, improve information accuracy and increase transparency.
ALM has signed an enforceable undertaking with the Australian Information Commissioner to implement these measures.
{loadposition sam08}At the time of the breach, Ashley Madison had approximately 36 million user profiles. The hackers who breached the site stole account information, email addresses, security questions and in some cases billing and geolocation information.
The breach came to light on 19 July when security expert Brian Krebs broke the news that a group calling itself The Impact Team had published about 40MB of data from ALM.
Apart from Ashley Madison, ALM also runs Cougar Life (targeted at mature women seeking younger men (and vice versa); Established Men (targeted at mature men seeking younger women and vice versa) and Man Crunch (targeted at men seeking men).