Feds: Fandango Customers Were Vulnerable to Hackers, Identity Theft

The movie-ticket company and a credit-monitoring service settle FTC charges.

National Journal
March 28, 2014, 10:28 a.m.

If you bought movie tickets between 2009 and 2013 on Fandango’s mobile app, your credit-card information may have been an easy target for hackers.

Fandango settled a lawsuit with the Federal Trade Commission on Friday over charges that it failed to take basic steps to protect user data on its app for iPhones and iPads.

Credit Karma, a credit-checking service, settled similar charges Friday with the FTC for failing to protect mobile-app data.

Neither company is required to pay any financial penalty as part of the settlements, although both Fandango and Credit Karma are required to establish “comprehensive security programs” and to undergo independent security assessments every other year for the next 20 years.

According to the lawsuits, the companies disabled a default encryption process, known as SSL certification. As a result, hackers could have easily intercepted private information, especially on public Wi-Fi networks often found in coffee shops, shopping centers, or airports, the FTC said.

Despite the vulnerability, Fandango assured customers that their credit card information was safe as they checked out. Credit Karma claimed it was using “industry-leading security precautions.”

In a statement Friday, Fandango said it upgraded its security in March 2013 and that it is not aware of any customers who had their information stolen.

“Security is among Fandango’s top priorities, and we are fully committed to protecting our customers’ personal information,” the company said. “We have reviewed and heightened our security program to protect our customers’ personal information, across all of Fandango’s products and platforms, and we test regularly for data security.”

A Credit Karma spokesman said the company has addressed the security issue and is not aware of any lost data.

FTC Chairwoman Edith Ramirez noted that consumers are increasingly relying on mobile apps to make purchases and handle sensitive financial information.

“Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps,” she said.

Senate Commerce Committee Chairman Jay Rockefeller, Senate Judiciary Committee Chairman Patrick Leahy, and other lawmakers are pushing bills that would allow the FTC to fine companies for inadequate data-security practices.

The FTC is currently investigating Target over last year’s massive hack of credit-card information.
