Feds: Fandango Customers Were Vulnerable to Hackers, Identity Theft

The movie-ticket company and a credit-monitoring service settle FTC charges.

National Journal
Brendan Sasso
March 28, 2014, 10:28 a.m.

If you bought movie tickets between 2009 and 2013 on Fandango’s mobile app, your credit-card information may have been an easy target for hackers.

Fandango settled a lawsuit with the Federal Trade Commission on Friday over charges that it failed to take basic steps to protect user data on its app for iPhones and iPads.

Credit Karma, a credit-checking service, settled similar charges Friday with the FTC for failing to protect mobile-app data.

Neither company is required to pay any financial penalty as part of the settlements, although both Fandango and Credit Karma are required to establish “comprehensive security programs” and to undergo independent security assessments every other year for the next 20 years.

According to the lawsuits, the companies disabled a default step in the encryption process, known as SSL certificate validation. As a result, hackers could have easily intercepted private information, especially on public Wi-Fi networks often found in coffee shops, shopping centers, or airports, the FTC said.

Despite the vulnerability, Fandango assured customers that their credit card information was safe as they checked out. Credit Karma claimed it was using “industry-leading security precautions.”

In a statement Friday, Fandango said it upgraded its security in March 2013 and that it is not aware of any customers who had their information stolen.

“Security is among Fandango’s top priorities, and we are fully committed to protecting our customers’ personal information,” the company said. “We have reviewed and heightened our security program to protect our customers’ personal information, across all of Fandango’s products and platforms, and we test regularly for data security.”

A Credit Karma spokesman said the company has addressed the security issue and is not aware of any lost data.

FTC Chairwoman Edith Ramirez noted that consumers are increasingly relying on mobile apps to make purchases and handle sensitive financial information.

“Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps,” she said.

Senate Commerce Committee Chairman Jay Rockefeller, Senate Judiciary Committee Chairman Patrick Leahy, and other lawmakers are pushing bills that would allow the FTC to fine companies for inadequate data-security practices.

The FTC is currently investigating Target over last year’s massive hack of credit-card information.
