DPC Statement - WhatsApp Security Incident

14th May 2019

The Data Protection Commission (DPC) has been informed (Monday evening 13 May 2019) by WhatsApp Ireland of a serious security vulnerability on the WhatsApp platform. The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorised software and gain access to personal data on devices which have WhatsApp installed.

At this point, WhatsApp has not notified the DPC of the matter under Article 33 (Notification of a personal data breach to a data protection supervisory authority) of the GDPR as WhatsApp are still investigating as to whether any WhatsApp EU user data has been affected as a result of this incident.

While the possibility remains that EU users were affected and in light of the understood severity of the incident, all WhatsApp users are urged to ensure that the latest version of the WhatsApp application is installed on their device, available via the Apple Store or Google Play Store.

The DPC is actively engaging with WhatsApp Ireland to determine if and to what extent any WhatsApp EU user data has been affected.  

To update to the latest version of WhatsApp, users should:

For iPhone

  • Open the App Store and along the bottom select updates.
  • Any pending app updates will be listed here.
  • Select “WhatsApp” and Update

For Android

  • Open the Play Store and tap on the 3 lines in the upper left corner.
  • Select “My apps & games” from the menu.
  • Select “WhatsApp” and Select Update