Feds: Fandango Customers Were Vulnerable to Hackers, Identity Theft

The movie-ticket company and a credit-monitoring service settle FTC charges.

Fandango puppets
National Journal
Brendan Sasso
Add to Briefcase
Brendan Sasso
March 28, 2014, 10:28 a.m.

If you bought movie tick­ets between 2009 and 2013 on Fan­dango’s mo­bile app, your cred­it-card in­form­a­tion may have been an easy tar­get for hack­ers.

Fan­dango settled a law­suit with the Fed­er­al Trade Com­mis­sion on Fri­day over charges that it failed to take ba­sic steps to pro­tect user data on its app for iPhones and iPads.

Cred­it Karma, a cred­it-check­ing ser­vice, settled sim­il­ar charges Fri­day with the FTC for fail­ing to pro­tect mo­bile-app data.

Neither com­pany is re­quired to pay any fin­an­cial pen­alty as part of the set­tle­ments, al­though both Fan­dango and Cred­it Karma are re­quired to es­tab­lish “com­pre­hens­ive se­cur­ity pro­grams” and to un­der­go in­de­pend­ent se­cur­ity as­sess­ments every oth­er year for the next 20 years.

Ac­cord­ing to the law­suits, the com­pan­ies dis­abled a de­fault en­cryp­tion pro­cess, known as SSL cer­ti­fic­a­tion. As a res­ult, hack­ers could have eas­ily in­ter­cep­ted private in­form­a­tion, es­pe­cially on pub­lic Wi-Fi net­works of­ten found in cof­fee shops, shop­ping cen­ters, or air­ports, the FTC said.

Des­pite the vul­ner­ab­il­ity, Fan­dango as­sured cus­tom­ers that their cred­it card in­form­a­tion was safe as they checked out. Cred­it Karma claimed it was us­ing “in­dustry-lead­ing se­cur­ity pre­cau­tions.”

In a state­ment Fri­day, Fan­dango said it up­graded its se­cur­ity in March 2013 and that it is not aware of any cus­tom­ers who had their in­form­a­tion stolen.

“Se­cur­ity is among Fan­dango’s top pri­or­it­ies, and we are fully com­mit­ted to pro­tect­ing our cus­tom­ers’ per­son­al in­form­a­tion,” the com­pany said. “We have re­viewed and heightened our se­cur­ity pro­gram to pro­tect our cus­tom­ers’ per­son­al in­form­a­tion, across all of Fan­dango’s products and plat­forms, and we test reg­u­larly for data se­cur­ity.”

A Cred­it Karma spokes­man said the com­pany has ad­dressed the se­cur­ity is­sue and is not aware of any lost data.

FTC Chair­wo­man Edith Ramirez noted that con­sumers are in­creas­ingly re­ly­ing on mo­bile apps to make pur­chases and handle sens­it­ive fin­an­cial in­form­a­tion.

“Our cases against Fan­dango and Cred­it Karma should re­mind app de­velopers of the need to make data se­cur­ity cent­ral to how they design their apps,” she said.

Sen­ate Com­merce Com­mit­tee Chair­man Jay Rock­e­feller, Sen­ate Ju­di­ciary Com­mit­tee Chair­man Patrick Leahy, and oth­er law­makers are push­ing bills that would al­low the FTC to fine com­pan­ies for in­ad­equate data-se­cur­ity prac­tices.

The FTC is cur­rently in­vest­ig­at­ing Tar­get over last year’s massive hack of cred­it-card in­form­a­tion.

What We're Following See More »
ONLY BROAD PRINCIPLES
Mulvaney: Tax Reform Details Won’t Be Released This Week
5 minutes ago
THE LATEST

Despite President Trump's announcement that his tax reform proposal would be released this week, Office of Management and Budget Director Mick Mulvaney now says it will be ready in June. This week's announcement will be limited to "specific governing principles."

Source:
OFFSHORE OIL AND GAS
Trump To Sign Order Calling For Expanded Drilling
1 hours ago
THE DETAILS

Donald Trump is expected Monday to sign an executive order which will mark his administration's first action on offshore oil and gas drilling. The order is expected to call for a "review of the locations available for offshore oil and gas exploration and of certain regulations governing offshore oil and gas exploration."

Source:
DOMESTIC PRIORITIES
Pence Cuts Asia Trip Short For Big Week
1 hours ago
THE DETAILS

Vice President Mike Pence has cut his Asia trip short "to race back to Washington, where the Trump administration faces a critical week on tax reform and a funding plan to keep the government running, an aide said on Sunday." Pence will return to Washington on Tuesday morning instead of Wednesday. Trump has a busy week ahead, as he plans to roll out a tax reform on framework, sign a number of executive orders, and works to keep the government open past Friday.

Source:
24% GOOD ENOUGH FOR FIRST PLACE
Macron, Le Pen Lead French Elections
3 hours ago
THE LATEST

"Centrist Emmanuel Macron and far-right politician Marine Le Pen led the first round of voting in France’s presidential election, according to early projections, as voters redrew the political map, placing the European Union at the center of a new political divide. Projections by the Kantar-Sofres polling firm showed Mr. Macron on track to win the first round with about 24% of the vote, ahead of Ms. Le Pen with nearly 22%." The vote marks the end of the country's dominance by conservative and socialist parties. The top vote-getters head to a runoff on May 7.

Source:
MENDING FENCES?
Trump to Deliver Keynote for Holocaust Memorial Event
3 hours ago
THE DETAILS

President Trump will deliver the keynote address for at the National Holocaust Museum's National Day of Remembrance ceremony on Tuesday. He'll speak from the Capitol Rotunda. The move is likely an effort to try to mend fences with Jewish groups. In January, "the White House ignited controversy when it didn't mention Jews or anti-Semitism in a statement on International Holocaust Remembrance Day." And certain members of his inner circle are still suspected of harboring white supremacist or anti-Semitic views."

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login