Online movie-ticket vendor Fandango and credit-report site Credit Karma face 20 years of security assessments as part of a settlement of charges that they exposed customers’ personal information to identity thieves, the U.S. Federal Trade Commission announced on Tuesday (Aug. 19).
In March, the FTC charged both companies with advertising that they handled payment-card information securely, while actually disabling the default security features of their mobile apps, which would have used SSL certificate verification to protect the information.
We’d love to be your preferred source for news.
Please add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!
According to the FTC complaints, the Fandango iOS app exposed customers’ credit card numbers, security codes, expiration dates, Zip codes, email addresses and passwords. The Credit Karma iOS and Android apps exposed Social Security Numbers, names, dates of birth, home addresses, phone numbers, email addresses, passwords, credit scores and credit report details such as account names and balances.
Under the settlements, both companies will have to establish comprehensive security programs to address security risks during app development, and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit Fandango and Credit Karma from misrepresenting the level of privacy or security of their products and services.
Add as Preferred Source
