TikTok Pixel’s privacy nightmare: A new case study

November 14, 2024 | The Hacker News | Privacy / Data Compliance

Advertising on TikTok is an obvious choice for any company trying to reach a young market, and especially if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young vacationers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured TikTok’s pixels on one of its regional sites. An interesting new case study reveals how the cyber security firm that discovered the problem stopped a data breach from becoming a costly flood.

For the full case study, click here.

Dangers Close to Home

Cyberattacks often make the headlines because hacking is a natural distraction. The gangs behind the attacks seem like modern-day highwaymen, shadowy figures who can rob countless victims from behind an anonymous mask. Faceless criminals like this always catch the attention of readers, and although this is understandable, we would do well to pay attention to some of the less dramatic security risks that can be just as destructive.

It has been said that if news outlets focused on reporting the biggest dangers in our lives, every story would cover heart disease and how to prevent it, because it kills many times more people than events such as wars and car accidents. It is the same with cyber threats. While major hacks make us sit up and take notice, many breaches are caused by simple, avoidable failures in ‘housekeeping’, and that is what happened to the company featured in this new downloadable case study.

What happened?

Although we are not going to name the global travel marketplace involved (to avoid any embarrassment), the cybersecurity company that caught the problem is called Reflectiz. Its main product is a platform with innovative scanning technology that presents its results in a clear, intuitive dashboard. Under the hood it scans websites using a proprietary browser that mimics user behavior. It maps all third-party web applications and code snippets linked to the site, including objects embedded in iFrames, so if any code is acting suspiciously or sending data somewhere it shouldn’t, Reflectiz knows and alerts the user.

The case study details how one of its scans revealed a misconfigured TikTok pixel. TikTok has 1.6 billion users, so you have probably heard the name. If not, it is a video-sharing social media platform based in China that is popular among young people. When the travel company started using Reflectiz, it discovered that the pixel was collecting sensitive user data and sending it to TikTok’s Chinese servers without users’ consent, because it had not been implemented correctly.

Although there does not seem to have been any malicious intent in this case, the bottom line for companies of any size is that intent does not change the outcome. Online businesses that release customer data without specific consent from users will still be in breach of data privacy regulations such as GDPR and may face sanctions from the regulator.
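The kind of inventory the scan above performs (third-party scripts, iframes and image pixels mapped by origin, with marketing trackers that can fire before consent flagged) can be sketched in a few lines. This is an added illustration, not Reflectiz code; the allowlists, hostnames and sample page are constructed, and the consent gate convention (a script left inert with `type="text/plain"` plus a `data-consent` attribute until a consent manager activates it) is an assumption.

```python
"""Inventory third-party components on a page and flag marketing trackers
that load without a consent gate.  Illustration only; hosts are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = {"travel.example"}                 # the site's own origin (constructed)
APPROVED = {"cdn.approved-partner.example"}      # reviewed, non-marketing vendors
MARKETING_TRACKERS = {"pixel.tracker.example"}   # may only load after consent


class ComponentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag not in ("script", "iframe", "img") or not src:
            return
        host = urlparse(src).hostname
        if host is None or host in FIRST_PARTY:
            return
        # Assumed consent-manager convention: inert script until consent is granted.
        gated = tag == "script" and a.get("type") == "text/plain" and "data-consent" in a
        if host in MARKETING_TRACKERS:
            severity = "ok" if gated else "high"   # ungated tracker fires pre-consent
        elif host in APPROVED:
            severity = "info"
        else:
            severity = "review"                    # unknown third party: needs review
        self.findings.append({"tag": tag, "host": host, "gated": gated, "severity": severity})


def scan(html: str):
    parser = ComponentScanner()
    parser.feed(html)
    return parser.findings


# Constructed sample page: one approved vendor, a tracker pasted in ungated by a
# partner, the same tracker correctly gated, an unknown iframe and a 1x1 image pixel.
SAMPLE = """<html><head>
<script src="https://travel.example/app.js"></script>
<script src="https://cdn.approved-partner.example/widget.js"></script>
<script src="https://pixel.tracker.example/events.js"></script>
<script type="text/plain" data-consent="marketing" src="https://pixel.tracker.example/events.js"></script>
<iframe src="https://unknown-vendor.example/embed"></iframe>
<img src="https://pixel.tracker.example/track?e=view" width="1" height="1">
</head></html>"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f['severity']:6} {f['tag']:6} {f['host']} gated={f['gated']}")
```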


Cost of Non-Compliance

Non-compliance with GDPR (the General Data Protection Regulation) can result in serious penalties:

  • Fines: up to €20 million or 4% of annual global turnover, whichever is higher. The exact amount depends on the nature of the breach and the size of the organisation.
  • Damage to reputation: non-compliance can damage the organisation’s reputation, causing a loss of customer trust and potential business opportunities.
  • Orders to stop processing: regulatory authorities may order the company to stop processing personal data, which may disrupt business operations.
  • Compensation Claims: People affected by the breach can claim damages.
  • Increased scrutiny: non-compliant organisations may receive increased attention from regulators and may be subject to audits.
  • Legal fees: defending against claims or fines can incur significant legal costs.

Although that may all sound a little abstract, regulators have been taking action. In one recent example, in June 2024, the Swedish Data Protection Authority (IMY) fined an online pharmacy 15 million Swedish kronor (about $1.45 million) for using the Facebook Pixel inappropriately. The pharmacy had activated the Facebook Pixel’s Automatic Advanced Matching (AAM) and Automatic Events (AE) features “by mistake,” which led to the transfer of sensitive personal data to Facebook / Meta. Between 500,000 and one million people were affected by this breach between 2019 and 2021.


The Solution

While we do not know the extent of the breach in the travel company case study, we do know that Reflectiz caught the TikTok pixel misconfiguration before it could do more damage, potentially saving the company a fortune in fines and loss of reputation.

Despite being so powerful, Reflectiz does not require installation. It is a straightforward onboarding process that starts with remote monitoring to map the entire web ecosystem. After that it continuously monitors all sensitive web pages and will detect and flag suspicious activity by any web component.

The solution can identify third-party web components that track customer activity without their consent, including attempts to capture their geographic location or to access their cameras and microphones without permission. With so much at stake, no company can afford to risk getting caught up in something as easily avoidable as a misconfigured tracking pixel.

For the full story on this cautionary tale, download the full case study here.
