All Vendors
data_enrichment

Kaspr

Kaspr is a data enrichment vendor that extracts professional contact data from LinkedIn profiles via a Chrome browser extension, fined 240,000 euros by French data protection authority CNIL in December 2024 for unlawful data scraping, excessive retention, and transparency failures.

51 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Kaspr discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

4 gaps

compliance

CRITICAL
They Claim

GDPR compliant data practices

Observed Behavior

CNIL fined Kaspr 240,000 euros in December 2024 for multiple GDPR violations including unlawful collection, excessive retention, and transparency failures

accuracy

HIGH
They Claim

Real-time verification from 150+ sources

Observed Behavior

Primary data source is LinkedIn scraping, which CNIL found to include unlawfully collected restricted-visibility profiles

transparency

CRITICAL
They Claim

Professional contact data from public sources

Observed Behavior

CNIL ruled that scraping restricted-visibility LinkedIn profiles goes beyond public data — users who limited visibility did not make their data publicly available

pending

UNKNOWN
They Claim

Ordered to comply with CNIL remediation by June 2025

Observed Behavior

Awaiting verification of whether Kaspr has deleted unlawfully collected data and ceased restricted-profile scraping as ordered

Customer Impact

What This Means For You

Organizations using Kaspr face elevated regulatory risk following the CNIL enforcement action. Any contacts sourced from Kaspr's database prior to the remediation deadline may include unlawfully collected data — contacts scraped from restricted-visibility LinkedIn profiles who never consented to their information being extracted or shared. Using this data for outreach creates direct GDPR liability for your organization, not just for Kaspr. The CNIL fine establishes clear regulatory precedent that LinkedIn scraping beyond publicly visible profiles is unlawful. Organizations that built prospect lists using Kaspr data should audit their databases for contacts who may have been sourced through these practices. The reputational risk is compounded by the public nature of the CNIL decision — prospects who discover they were contacted using data from a sanctioned scraping operation will not view your organization favorably. Revenue impact includes potential GDPR fines (up to 4% of annual turnover), prospect list contamination, and damaged sender reputation.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Kaspr

  • - Immediately audit all contacts sourced from Kaspr to identify records that may include unlawfully scraped LinkedIn data - Request written confirmation from Kaspr/Cognism that your organization's data does not include contacts collected from restricted-visibility profiles - Review your GDPR processing records to ensure Kaspr is documented as a data source with appropriate legal basis - Consider suspending Kaspr-sourced outreach until CNIL remediation compliance is verified - Implement data provenance tracking for all contacts entering your CRM from third-party enrichment tools

Negotiation Leverage

  • Kaspr's negotiating position is significantly weakened by the CNIL enforcement action. Demand contractual indemnification for any regulatory liability arising from Kaspr-sourced data, including data collected prior to the June 2025 remediation deadline. Request written attestation that your organization's data feed has been cleansed of unlawfully collected records.
  • Negotiate for audit rights to verify Kaspr's CNIL compliance status, including proof that restricted-visibility profile data has been deleted and scraping practices modified. The CNIL fine is public record and provides concrete leverage — Kaspr must demonstrate reformed practices to retain customers. Push for data retention limits in your contract that prevent indefinite storage of your prospect interactions. Given the Cognism acquisition, ensure your contract addresses data sharing between Kaspr and Cognism entities and establishes boundaries on how your usage data flows through the combined ecosystem.
IOC Manifest

IOC Manifest

51 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*www.kaspr.io/hs/cta/cta/current.js*
Tracking script
TRACK
*www.kaspr.io/hs/hsstatic/content-cwv-embed/static-1.*/embed.js*
Tracking script
TRACK
*www.kaspr.io/hubfs/hub_generated/template_assets/1/*/*/template_aos.js*
Tracking script
TRACK
*www.kaspr.io/hubfs/hub_generated/template_assets/1/*/*/template_jquery.js*
Tracking script
TRACK
*www.kaspr.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js*
Tracking script
TRACK
*www.kaspr.io/hubfs/hub_generated/template_assets/1/*/*/template_main.js*
Tracking script
TRACK
*www.kaspr.io/hubfs/hub_generated/template_assets/1/*/*/template_lazy.js*
Tracking script
TRACK
*www.kaspr.io/hs/scriptloader/*.js*
Tracking script
TRACK
*www.kaspr.io/hs/hsstatic/HubspotToolsMenu/static-1.624/js/index.js*
Tracking script
TRACK
*www.kaspr.io/hs/cta/ctas/v2/public/cs/cta-loaded.js*
Tracking script
TRACK
www.kaspr.io/hs/cta/cta/current.js
Auto-extracted from scan
TRACK
www.kaspr.io/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Auto-extracted from scan
TRACK
www.kaspr.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Auto-extracted from scan
TRACK
www.kaspr.io/hubfs/hub_generated/template_assets/1/73106289235/1765961267344/template_jquery.min.js
Auto-extracted from scan
TRACK
www.kaspr.io/hubfs/hub_generated/template_assets/1/73106255204/1765961263668/template_lazy.min.js
Auto-extracted from scan
TRACK
www.kaspr.io/hubfs/hub_generated/template_assets/1/75170097214/1765961264673/template_aos.min.js
Auto-extracted from scan
TRACK
www.kaspr.io/hubfs/hub_generated/template_assets/1/73109748510/1765961262445/template_main.min.js
Auto-extracted from scan
TRACK
www.kaspr.io/hs/scriptloader/6052405.js
Auto-extracted from scan
TRACK
www.kaspr.io/hs/hsstatic/HubspotToolsMenu/static-1.624/js/index.js
Auto-extracted from scan
TRACK
www.kaspr.io/hs/cta/ctas/v2/public/cs/cta-loaded.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Kaspr is now part of the Cognism ecosystem following its acquisition, which significantly expands the data sharing surface. Kaspr's 160-million-contact database feeds into Cognism's broader B2B intelligence platform, and Cognism's existing data relationships and integrations amplify Kaspr's distribution reach. The combined entity operates across European and global markets. The Kaspr Chrome extension integrates with LinkedIn as its primary data extraction surface, and the platform connects to CRM systems and sales engagement tools for data export. Third-party data providers supplement the LinkedIn-scraped dataset. The acquisition by Cognism means organizations using either platform may now be accessing data with shared provenance, including contacts from Kaspr's pre-fine scraping practices. The ecosystem creates a data supply chain where LinkedIn profile data flows through Kaspr into Cognism and ultimately to end-user sales teams across both platforms.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

51 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details