Good day. TikTok, as a deal with
nears, is working to settle a privacy suit filed on behalf of users as young as eight years old, WSJ Pro’s David Uberti reports. The complaints claim that TikTok sends user data to Chinese servers and improperly collects “voiceprints” and “face geometry scans” to recommend content based on users’ age, race and physical attractiveness.
Also today: Staples breach; hackers see opening for cyberattack in flaws in
Citrix and other products; U.K. lawsuit accuses YouTube of violating children’s privacy; Microsoft to sell Abnormal Security email protection; and Ireland pauses
Join us: on Wednesday, WSJ Pro Cybersecurity’s research group will host a discussion about the cyber threat landscape with Eric Friedberg, co-president of risk consulting firm Stroz Friedberg; and Ron Meeting, CSO of Maestro Health. Register here.
“It’s next to impossible to know what any given company is doing on the back end.”
— Shuman Ghosemajumder, head of artificial intelligence at
on how corporate algorithms work
TikTok strives to settle privacy lawsuit as Oracle deal nears. Lawyers for TikTok are pushing to settle a lawsuit in Illinois alleging the video-sharing app improperly collects data from its users, many of them underage, as its Chinese parent company closes in on a deal with Oracle Corp.
President Trump issued an executive order in early August giving parent company ByteDance Ltd. 45 days to sell TikTok’s U.S. operations to an American company or face a ban. The deadline put more pressure on the company to resolve the suit before a potential sale, and attorneys have been discussing a settlement in recent weeks, according to court filings and three lawyers involved in the case.
A deal could help TikTok avoid a potentially long and expensive case exploring whether it unlawfully records minors’ personal information, including by scanning their faces, to bolster development of artificial-intelligence technologies in China and feed a recommendation engine seen as key to the app. The algorithm has become a sticking point in sale talks despite little understanding beyond TikTok of how it works.
Read the full story.
More Cyber News
Staples notifies customers of data breach. The retailer emailed some customers about unauthorized access of information related to online orders, Bleeping Computer reports. Data compromised could include names, addresses and the last four digits of credit card numbers, among other information, the notification said.
Hackers linked to China have exploited flaws in Microsoft, Citrix products, U.S. officials said. Cyberattacks in recent months linked to Chinese intelligence services used phishing emails as a first step in penetrating the networks of U.S. organizations, the FBI and the Cybersecurity and Infrastructure Security Agency said in an alert Monday. Attackers then sought vulnerabilities in networking equipment and software from F5 Networks Inc.,
Pulse Secure and Microsoft Corp., CyberScoop reports. The firms have issued patches, in some cases months ago. User organizations should conduct “a rigorous configuration and patch management program,” the alert said.
Google’s YouTube accused of misusing children’s data in the U.K. Privacy advocates filed a lawsuit against
Google that claims YouTube violates Europe’s privacy laws by collecting data about kids under age 13, Bloomberg reports. A YouTube representative declined to comment to the news site about the lawsuit and said the video service isn’t intended for children under 13. A specialized app called YouTube Kids is targeted to young children, the representative said.
Microsoft to offer Abnormal Security’s email protection products. Under the deal, the email-security startup will move its software onto the tech giant’s Azure cloud. Microsoft, in return, promises to sell Abnormal’s services to its large enterprise clients, The Wall Street Journal reports. In the two years since its founding, Abnormal used Amazon Web Services, spending several million dollars annually on the cloud service. Abnormal’s chief executive, Evan Reiser, said that selling its security service to huge enterprise customers with ties to Microsoft was so attractive it outweighed the downside of making the switch in cloud providers.
Ireland’s data privacy watchdog pauses Facebook inquiry. A preliminary order from the regulator would have stopped Facebook from transferring Europeans’ data to the U.S. (Reuters)