TribLIVE

| Business

 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Fandango, Credit Karma reach settlement in credit-card exposure case

Email Newsletters

Click here to sign up for one of our email newsletters.

On the Grid

From the shale fields to the cooling towers, Trib Total Media covers the energy industry in Western Pennsylvania and beyond. For the latest news and views on gas, coal, electricity and more, check out On the Grid today.

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

By The Associated Press
Saturday, March 29, 2014, 12:01 a.m.
 

PORTLAND, Ore. — The Federal Trade Commission said the mobile applications of movie ticket-seller Fandango and credit report-provider Credit Karma may have exposed millions of users' sensitive personal information, including credit card data and Social Security numbers.

The companies failed to properly secure their apps over a multiyear period, potentially exposing information users sent or received, according to the FTC.

Fandango and Credit Karma fixed the security issue last year.

The companies said on Friday that they are not aware of any individual's information being compromised. But the FTC said that because of the nature of the types of attacks, it would be nearly impossible to trace.

Fandango, owned by Comcast Corp., and Credit Karma agreed to settle FTC's charges that they misrepresented the security of their applications and failed to secure information.

As part of the settlements, the companies agreed to establish more comprehensive security programs and undergo independent security assessments every other year for the next 20 years. The settlements also prohibit Fandango and Credit Karma from misrepresenting the level of privacy or security of their products and services.

The FTC said Fandango and Credit Karma disabled a critical process, known as SSL certificate validation, which would have verified that communications were secure. Because of that, the applications were vulnerable to “man-in-the-middle” attacks, which allow attackers to intercept information.

“This is something that would be undetectable to either the consumer or the company,” Nithan Sannappa of the FTC's Bureau of Consumer Protection said.

This type of attack is more dangerous on public Wi-Fi networks, such as those available at coffee shops, airports and shopping centers. In these settings, the network is typically not secure, which leaves users relying largely on the security measures of their applications to protect them. Such attacks are possible on a secured network, but less likely, according to the FTC.

Subscribe today! Click here for our subscription offers.

 

 


Show commenting policy

Most-Read Business Headlines

  1. Shell shovels millions into proposed Beaver County plant site
  2. Off-duty but on call: Suits seek overtime
  3. Extended oil slump takes toll
  4. Muni bond funds stressed
  5. Companies hand out perks, benefits instead of pay raises
  6. Bond funds hold onto cash
  7. When it comes to home ownership, Hispanics finding locked doors
  8. Tech Q&A: Why you should test your router
  9. Of Caitlyn Jenner and workplace restrooms
  10. $2-per-gallon gas expected by year’s end, but not in Western Pa.
  11. Small business hangs on fate of Export-Import Bank