Advertisement
Advisor
Tech

How online dating can make you a target for data theives

Jackson Stiles
Jun 25, 2014, updated May 26, 2015

When it comes to the dangers of online dating, you are probably well aware of ‘lonely hearts’ scammers – those who extort money by pretending to be smitten with your digital self.

But online dating can be dangerous for a completely different, but equally as sinister reason: data theft.

• Read more about ‘lonely hearts’ scammers
• Read more about the Cupid Media case

Depending on your level of honesty, building a dating profile can involve disclosing a lot of sensitive information.

This makes you – or rather the website that stores your data – a juicy target for data thieves. It also puts your information at the mercy of the dating website’s privacy policy.

Click on the owl for tips to date safely online  

On Wednesday, Privacy Commissioner Timothy Pilgrim found the lax privacy protocols of a Gold Coast online dating company led to thousands of Australian users having their sensitive information stolen by hackers last year.

newdaily_250614_onlinedating2Cupid Media, which runs 36 global dating sites, failed to take reasonable steps to protect its data, and thus was found to have breached the Privacy Act.

In this year’s annual data breach report, US telco Verizon noted that data breaches like these are occurring globally “at a staggering rate”.

Based on worldwide data including from Australia, Verizon reported that 63,437 security incidents and 1,367 confirmed data breaches occurred in 2013. This represents an increase of more than 16,000 incidents and more than 700 confirmed breaches from the previous annual report.

Peter Clarke, a member of the Australian Privacy Foundation and a Melbourne-based barrister who specialises in the area of privacy law, says that online dating websites are inherently risky.

“The problem is, if you want to use [online dating sites] to the best advantage, it’s in your interests to provide the information that will get you the results,” Mr Clarke says.

Australia’s privacy law recognises that much of the information we share on these sites, such as our race, ethnicity, politics, religion and sexuality, is “sensitive” and in need of protection – something the Privacy Commissioner Commissioner confirmed in his investigation report.

For example, one of the Cupid Media websites that was hacked is called GayCupid. Having an account with this website could be sensitive information that a user might want to keep private.

Another lesson to be learned from Cupid Media is that anything you upload to your dating profile can persist in cyberspace long after you get bored with the website or find a long-term partner.

In Cupid’s case, the Privacy Commissioner found that much of the stolen data should have been deleted or de-identified long ago, but carelessly was not.

Lucky escape for Cupid

Mr Clarke says the consequences for Cupid Media were “very lenient” compared to what could have been imposed under recent amendments to the Privacy Act.

Cupid luckily missed the starting date for these new privacy laws. If it had committed the same breach after 12 March this year, it could have faced a fine up to $1.7 million, according to Mr Clarke.

newdaily_250614_onlinedating3Cupid was also doubly fortunate, in that the mandatory data breach notification law proposed by the previous Labor Government was never passed.

This Act would have imposed stricter US-style requirements on Australian companies to notify their users and the Privacy Commissioner immediately after a data breach occurs.

If this had been place, Mr Clarke says a breach like that at Cupid could have been resolved quicker, with users better informed.

“The benefit of a mandatory notification process is that it sets down a timeframe, and what this [report] doesn’t tell you is when Cupid Media notified.

“They really should be saying more than just, ‘There’s been a breach. Change your passwords.’ They really should be saying what the nature of the breach was,” Mr Clarke says.

Fortunately for Cupid, the law did not pass, and – despite being reintroduced by a Labor Senator in March – is likely to be blocked by the Abbott Government.

“Both parties are playing politics on it, but it’s a classic example that, if there had been mandatory notification of a data breach, this [Cupid Media case] would fall right in the middle of an obligation to do that,” Mr Clarke says.

More Advisor >
Garry Linnell: The dark side of corporate jargon
Advisor

Garry Linnell: The dark side of corporate jargon

Why you should keep spiders and insects onside
Advisor

Why you should keep spiders and insects onside

The problem with our gold-standard legal system
Advisor

The problem with our gold-standard legal system

Fake news 'vaccine' to combat climate myths
Advisor

Fake news 'vaccine' to combat climate myths

US scientists confirm 2016 was Earth's hottest year
Advisor

US scientists confirm 2016 was Earth's hottest year

Was your newsletter late this morning?
Advisor

Was your newsletter late this morning?

Coming to our Census on securing our data
Advisor

Coming to our Census on securing our data

How Europe fended off the Mongol army
Advisor

How Europe fended off the Mongol army

Those bizarre English phrases explained
Advisor

Those bizarre English phrases explained

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
Subscribe
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter
Topics
The New Daily
Copyright © 2024 The New Daily.
All rights reserved.