17 January 2020

IRM Weekly Cybersecurity Roundup: Dating app GDPR breaches and more

This week, a new study has put the spotlight on dating app GDPR breaches, the only Democratic campaign CISO has resigned, Equifax are racking up a big bill, and more.

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter.

New study highlights dating app GDPR breachesdating app GDPR breaches

A new study by the Norwegian Consumer Council (NCC) has highlighted dating app GDPR breaches from Grindr, OkCupid and Tinder.

The apps are allegedly sharing user information including sexual preferences, behavioural data and precise location data to advertising companies, which violates privacy law.

Between June and November 2019, the top ten most popular dating apps on Google Play were chosen and the majority were found to transmit data to “unexpected third parties”. Users were not clearly told how their data was being utilised.

You can read more here.

Multiple vulnerabilities found in TikTok app

A cybersecurity firm has tested the TikTok app and found vulnerabilities allowing for security loopholes and account hacking.

The researchers were able to manipulate code to amend account content, delete and upload videos without user consent, make hidden videos public and access personally identifiable information.

This study follows an announcement to the US Army and Navy last year, who were told not to use the app on phones issued by the Government. Politicians have also raised security concerns over the app due to its ties to China.

You can read more here.

Democratic presidential campaign CISO resignsPete Buttigieg

The only full-time Democratic presidential campaign Chief Information Security Officer (CISO) has resigned.

Mick Baccio was the CISO for the campaign for Indiana Major, Pete Buttigieg. The campaign group has replaced Baccio with a new security firm and has reinstated their commitment to digital security and protection against cyber-attacks.

Buttigieg’s campaign is thought to be the only Democratic campaign with a full-time member of staff in a security role. Many see this as cause for concern when email inboxes were hacked in the 2016 elections, allegedly by Russian military intelligence officers.

You can read more here.

Equifax 2017 data breach bill will reach $1.38 billion

Equifax has agreed to set aside at least $380.5 million for breach compensation and will spend another $1 billion on improving information security within the next 5 years.

Those affected by the breach have been given 7 days from the 15th January to file a claim. Individuals could be rewarded up to $20,000 if they can prove they are out of pocket directly due to the breach.

The breach, which is said to have been caused by an Apache Struts framework component, could have been avoided by using the patch available at the time of the breach.

You can read more here.

Quick-Fire Updates

Travelex makes progress: The foreign currency firm is now in the process of getting back up and running after recovering from the ransomware attack which demanded £4.6m. Read more here.

Shares suspended for Brussels looms manufacturer:  The looms manufacturer was targeted by ransomware on Monday morning, forcing the company to halt production in Ypres, Beligum. Sites in China and Romania were also affected and the company’s shares have now been suspended on the Brussels Stock Exchange. Read more here.

South African Banking Risk Information Centre (SABRIC) responds to malware rumours after Kaspersky made claims that there had been potential malware attacks on major banks in the sub-Saharan Africa region by Russian hacking groups. SABRIC has stated it is constantly working and driving innovation to strengthen South African bank security. Read more here.

To find out more about IRM, Altran’s World Class Center for Cybersecurity, explore our cybersecurity services here.