TikTok was fined £27 million for storing the data of users under the age of 13 without their permission and for gathering excessive identifiable information without legal reasoning. In other cybersecurity news, American Airlines suffered a data breach that was initiated through a compromised employee email account.
Fraudulent mobile apps installed over 13 million times
Researchers have been tracking 85 mobile apps, active on the Google Play and Apple stores, that have a combined 13 million downloads. These apps are all tied to the ‘Scylla’ malware campaign, which floods the victim’s device with ads and is believed to be the third wave of a campaign that started back in 2019. Fortunately, both Google and Apple have already removed these malicious apps and have updated their security to block related apps in the future.
Hacker behind Optus breach apologizes and deletes data
Over the weekend, the hacker taking responsibility for the recent Optus data breach issued an apology to the 10,000 victims whose data had already been leaked and confirmed that the only copy of the stolen data had been deleted. This apology comes in the wake of a heightened international law enforcement response to the breach, and the hacker claimed it would be nearly impossible to sell the stolen data without repercussions. Officials are still warning the remainder of the 10 million Optus customers who may have been affected by this breach to monitor their credit for anything suspicious.
Black Basta ransomware targets defense firm
Nearly 4 months after discovering some suspicious activity on an internal network, officials for Elbit Systems of America (a US subsidiary of the global defense firm) have confirmed that they had fallen victim to a data breach, which affected 369 customers. Though Black Basta has only been active since April of this year, they continue to be highly proficient at infiltrating computer networks to encrypt and exfiltrate data, before posting it to their leak site.
Phishing victim alerts American Airlines of data breach
After receiving a phishing email from an American Airlines address, one victim informed the airline that they may have been compromised by an unknown actor, which was later confirmed by staff. The breach occurred on September 16th and appeared to have been initiated by compromising an employee email account and using Microsoft 365 to distribute the phishing emails. American Airlines has already contacted the 1,708 employees and customers who were affected and has offered a year of credit and identity monitoring to the victims.
TikTok fined for misuse of data
The UK’s Information Commissioner’s Office (ICO) has issued a £27 million fine to the social media app TikTok for the misuse of user data. The biggest issues come from the company storing information on users under the age of 13 without obtaining proper adult consent and gathering excessive identifiable information without any legal reasoning. TikTok seems to be the first in a lengthy line of online services that will be facing heightened scrutiny over their data collection policies.