By Matt Golabek & Trevor Morgan 

From calorie counters to food delivery services to secret and deceptive “vaults” to hide info from parents, millions of humans are tethered to smartphones as if they were their only lifeline. With the convenience, however, comes potential risks for the user.

IBM’s Cost of a Data Breach Report 2019 identified the following startling figures:

  • Average total cost of a data breach: $3.92 million;
  • Average size of data breach: 25,575 records;
  • Time to identify and contain a breach: 279 days;
  • Highest country average cost: United States, $8.19 million; and
  • 2019 odds of a data breach within two years: 29.6%, up from 27.9 in 2018.

While these data critically inform decisions and actions taken by CEOs, investigative analysts, and cybersecurity professionals in an effort to protect a company’s assets, they are also important to the average consumer.

Take for example, the popular app, MyFitnessPal. In February 2019, it was reported that 151 million accounts were breached and being sold on Dream Market, a nefarious site on the anonymous Dark Web where drugs, stolen data, and counterfeit consumer goods were being sold. It closed “shop” a month later, with rumors that law enforcement had been breathing down its cyber neck. Another popular app, DoorDash, had a data breach of 5 million records in 2019.

This new Hg blog series is based on our February FactSheet, What the APP?! Top Social Media APPS and the Lowdown on What Info They Collect, in which our seasoned analysts compiled a list of popular apps used by teenagers and adults to better inform readers of what information each app is collecting. You can download the full FactSheet for free, and we encourage you to share it with others.

This week, we review 3 popular banking and household apps.


Cozi is a calendar app tailored for families and friends. This app collects and stores a wide array of data, including but not limited to passwords, addresses, payment information, calendar data, photos, contacts, birthday information, and resume data. View its privacy policy.


PayPal determines what information the mobile business app will collect depending on a user’s needs. More than likely a user will be required to provide their name, postal address, telephone number, email address, and identification information. Not only does this app collect the user’s information, but, at times, this app would need to collect the information of those within whom you are completing a transaction, such as friends, family, and associates. Visit its privacy policy.


This popular service is designed to help users transfer and collect funds without any physical exchange of cash. Users are able to include emojis and words to express thanks, intrigue, and payment information, which can be viewed by their followers and friends on social media channels. Venmo may also collect your identification, device, geolocation, social networks, and financial information. View its privacy policy.

Here, we share a helpful infographic from Investopedia:


 Matt and Trevor are investigative analysts at Hetherington Group, where they use their open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. Both are contributing writers to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On their lunch breaks, they can be found outside playing frisbee with their four-legged colleagues.