Report: LOKKER’s Research of 170,000 Websites Reveals Over 5.1 Million Data Privacy Risks, Amidst Increasing Lawsuits and Legislation Regarding Data Privacy

New analysis identifies significant issues across several industries’ websites, putting businesses in jeopardy of breaches and non-compliance

REDWOOD CITY, Calif., Oct. 19, 2022 /PRNewswire/ — LOKKER, provider of data privacy and compliance solutions for the enterprise, today launched its second annual research report detailing global online data privacy risks. Its latest research analyzed 170,000 websites around the world, identifying more than 5.1 million data privacy risks. The research comes at a pivotal moment as enterprises deal both with a boom in lawsuits for data privacy violations they are often unaware they are making, and a need to become compliant with new privacy laws.

LOKKER’s research uncovered that companies are inadvertently sharing site visitors’ personal data with a host of third parties that introduce a range of vulnerabilities, like JavaScript trackers, fingerprinters, data skimmers, and session replay scripts. While third-party cloud software provides beneficial website features, many collect and share visitors’ information, often with unauthorized parties and without the website owner’s knowledge. As a result, brands are putting their customers and themselves in jeopardy – risking millions of dollars in legal expenses, regulatory fines and penalties, and substantial erosion of consumer trust.

“Many organizations don’t know the extent to which they’re sharing data with third parties because they can’t see what’s happening behind the scenes in the browser, let alone control it,” said Ian Cohen, founder and CEO of LOKKER. “Without visibility into the privacy risks imposed by third parties, organizations are exposed to a growing number of class-action lawsuits claiming violations of both current and soon to be enacted laws in California, Utah, Virginia, Connecticut and Colorado. We see the recent burst of data privacy-related lawsuits as the beginning of an expansion of US regulatory actions not unlike GDPR enforcement in Europe. Getting control over website browser data privacy has never been more urgent for companies.”

Key takeaways from LOKKER’s latest report include:

The web browser is the new endpoint to defend

  • There are nine critical web privacy risks businesses need to get under control, including malware, data skimming of PII and PHI, trackers, cookies being set in each session, fingerprinting scripts, foreign domains making requests, session replay scripts recording activity, young domains serving JavaScript and bad SSL certification.
  • More than 38,000 fingerprinting scripts lead to widespread consumer profiling, capturing information such as a person’s location, IP address, type of device, fonts installed, and other specifications of their computer and browser. This enables savvy data brokers to create profiles (‘fingerprints’) that are continually enriched until a website visitor is able to be identified.
  • Over 11,000 scripts originated from known nation-state actors, the vast majority from Russia.

93% of online trackers are from Google (71.19%), Facebook (15.7%), and Microsoft (6%)

  • These trackers – JavaScript that is collecting information on a host site and sending it to a third party – are also coming from sub-brands like Google’s Doubleclick ad network and Microsoft’s LinkedIn platform.

The top social media networks are harvesting data from education, financial services, and healthcare sites

  • Analysis of education sites in the US (over 6,000 domains inspected) found that Facebook trackers are on 42% of sites, Microsoft on 15%, Twitter on 10%, and both SnapChat and TikTok on 5% of sites.
  • Of over 5,000 hospital and healthcare services’ sites, 40% have Facebook trackers, 13% have Microsoft trackers, 8% have Twitter trackers, and 6% have Pinterest trackers. Of note, TikTok trackers were discovered on 5% of the sites analyzed.
  • Across the home pages of the Fortune 1000 websites, Facebook trackers were identified on 46% of sites, Microsoft on 31%, Twitter on 21%, and Pinterest on 11%.
  • When it comes to US financial services sites, Facebook is on 36% of sites, Microsoft on 19%, and Twitter on 10%.

“The increasing number of class action lawsuits, growing consumer concern about personal data privacy, and imminent data privacy laws going into effect in 2023 are increasing pressure on organizations to take control of data privacy risks on their websites,” Cohen added. “Organizations have an immense responsibility to protect their customers and their company. It’s critical that they mitigate these threats by not exposing consumers’ personal data to unauthorized third parties.”

For LOKKER’s complete report that discusses these risks and their impacts further, as well as how companies can prepare themselves to be compliant with 2023 privacy regulations, visit https://lokker.com/wp-content/uploads/2022/10/LOKKER_OnlineDataPrivacyReport_Oct22.pdf

About LOKKER
LOKKER is a Silicon Valley-based data privacy technology company creating software for companies to protect their customers’ sensitive personal information from being misused and shared. LOKKER’s Privacy Edge™ platform is a SaaS-based solution that automates detection and mitigation of Javascript-based threats that lead to major incidents, fines and reputational damage for companies. For more information visit, lokker.com.