Privacy Case Study: Cupid Media Pty Ltd

  • July 9, 2014
  • Chris Webber
  • Insurance News

In the past week, it was revealed that Cupid Media Pty Ltd had become yet another victim of a cyber attack, with hackers gaining access to the personal information of approximately 254,000 Australian users.

Cupid Media operates over 35 dating websites and relies heavily on personal information such as name, email address, gender, ethnicity and religion to create personal profiles for its users – just the kind of information cyber criminals are after.

The view from commentators is that Cupid Media was, for the most part, doing everything correctly to protect the personal information of their users. Their IT security program was deemed reasonable by many of its peers, with measures in place such as firewalls, anti-virus software, vulnerability scanning and patch management. However, we have learnt time and time again that no matter how stringent your cyber protection procedures may be, hackers will find a way in.

This data breach led to an investigation by the Privacy Commissioner to determine whether Cupid Media had breached the National Privacy Principles as a result of the attack.

What Happened?

To get a general idea of how this data breach unfolded, let’s take a look at the timeline of events:

  1. Cupid Media identified a rogue file on their webservers on 21 January 2013.
  2. An internal investigation carried out by Cupid Media determined that on 18 January 2013, attackers exploited a vulnerability within the application server platform (ColdFusion). This allowed the hackers to gain access to Cupid Media’s webservers.
  3. With access to the webservers, the hackers then uploaded a shell ‘ColdFusion Markup’ file that allowed them to run SQL queries against the Cupid Media databases and obtain unauthorised access to their data.
  4. On 16 January 2013, a security patch for the ColdFusion vulnerability was released. However, Cupid Media did not receive notification from the developer that the patch had been made available.
  5. Cupid Media claimed that ordinarily the developer would communicate with them via alerts when updates and patches were available, but failed to do so in this instance. On 21 January 2013, Cupid Media became aware of the new patch when their IT team identified, through its ‘business as usual’ internal patch management processes, that it was available.
  6. Cupid Media applied the patch to fix the vulnerability on 21 January 2013, preventing attackers from obtaining any further data and information.

Cupid Media has advised that the personal information stolen included full names, dates of birth, email addresses and passwords.

As you can imagine, this has caused significant damage to the reputation of the brand and the trust placed in Cupid Media by their customers. In this industry, the relationship you have with your customers is paramount as without them trusting that their private information is stored safely, there will be no business.

Were The National Privacy Principles Breached?

Following the discovery that their network had been compromised, Cupid Media were subject to an investigation by the Privacy Commissioner to determine if they had breached any of the National Privacy Principles.

At the time of the breach, Cupid Media was covered by the ten National Privacy Principles, which were in effect from 21 December 2001 to 11 March 2014. As of 12 March 2014, the Australian Privacy Principles have been introduced, vesting the commissioner with greater powers to punish companies that do not adequately protect their customers’ data.

The Privacy Commissioner considered whether Cupid Media had complied with the following National Privacy Principles, which require organisations to:

  • take reasonable steps to protect the personal information they hold from misuse and loss and from unauthorised access, modification or disclosure
  • take reasonable steps to destroy or permanently de-identify personal information that they no longer need for any purpose for which the information was collected
  • use or disclose personal information only for the purposes identified at the time of collection, unless an exception applies

As a result of the investigation, the commissioner found that Cupid Media had in fact taken a number of reasonable steps to protect the personal information of their users. However, there were a couple of areas in which there was a failure to comply.

Cupid Media were found to have failed to correctly protect user passwords. User passwords were stored in plain text, which is considered insecure. Organisations must apply techniques such as hashing and salting to passwords to ensure they are adequately protected.

When surveying just how many users were targeted, Cupid Media highlighted that among the 42 million users, there were a number of junk or duplicate accounts included within that figure. Cupid Media had no formal process in place to identify such accounts and subsequently destroy or de-identify them, and was therefore found to be in breach of another National Privacy Principle obligation.

What Can We Learn From This?

During their investigation, the Privacy Commissioner found that Cupid Media acted appropriately in response to the data breach. In particular they:

  • obtained and applied the ColdFusion security patch to fix the vulnerability, and
  • appropriately notified the affected individuals while ensuring they reset their passwords (also encouraging them to reset their passwords for services in which they used the same password)

As a result of these steps taken by Cupid Media and their willingness to cooperate with the investigation, the commissioner did not issue a financial penalty to the company.

It is important to note that if this same incident were to occur under the new Australian Privacy Principles, Cupid Media may not have walked away fine-free. The new legislation is much more onerous and can result in huge penalties for failing to comply.

This is a gentle reminder to businesses to ensure they have adequate levels of security in place to protect the personal information of their customers. Data security processes should be regularly reviewed in order to aim for the best privacy practices and avoid breaching the Australian Privacy Principles. Cupid Media have since undertaken an extensive privacy and data security remediation program to ensure they are compliant under the new Australian Privacy Principles, a step all businesses should be taking to ensure they are doing everything in their power to protect the sensitive information of their customers.


About The Author

Chris Webber is the Director of Webber Insurance Services. Chris has been in the insurance industry for 20 years and is an SME business insurance specialist. The information on this blog and website is of a general nature only. It does not take into account your individual financial situation, objectives or needs. You should consider your own financial position and requirements before making a decision. We recommend you consult a licensed insurance broker in order to assist you.
