FTC Approves Credit Karma & Fandango Settlement for Failing to Secure Data

It’s what has been expected. The Federal Trade Commission (FTC) approved the settlements with both Credit Karma and Fandango for their failure to take reasonable steps to secure their mobile apps. By not doing so, both companies made the sensitive personal and financial data of their consumers vulnerable to hackers.

The settlement was first proposed in March 2014. Under it, both companies are required to establish comprehensive security programs to be followed for all future development of their apps to address possible security risks. In addition, the two companies are required to have these measures reviewed with an independent security assessment every two years through the year 2034.

Both companies’ apps had vulnerabilities that could expose consumers’ sensitive information to hackers using “man-in-the-middle” attacks. This was possible because both companies had disabled SSL certificate verification, the check by which the app confirms that the server it is communicating with is genuine and that the connection is secure. With that check disabled, hackers could easily see the sensitive information sent or received by the app.

For consumers using the Credit Karma app, the information at risk was highly sensitive. Man-in-the-middle attacks could have accessed names, phone numbers, dates of birth, home addresses, passwords, credit scores, Social Security numbers and a variety of other important financial data. This information was enough for thieves to easily steal a person’s identity.

Edith Ramirez, the FTC chairwoman, noted, “Consumers are increasingly using mobile apps for sensitive transactions. Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption. Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps.”

While the FTC settlement hasn’t seemed to affect the BBB rating of Fandango, it has taken a toll on the BBB rating of Credit Karma, which has fallen from an A to a B rating.

8 thoughts on “FTC Approves Credit Karma & Fandango Settlement for Failing to Secure Data”

  1. This was a really stupid thing for Credit Karma to do, especially since they are a company that gives out credit information and offers a credit monitoring service. You would think security would be their top concern, but it obviously wasn’t.

  2. This is the reason I stopped using them. Well, that and because I started to get my credit score for free through my Discover Card monthly statement so there was no need to go there to see it. I’m not sure the settlement helps to resolve the damage that was done by not securing people’s information.

  3. If people would just follow Dave Ramsey and not care about their credit score and credit report, then they would never have this information exposed to delinquents. It just goes to show that Dave is right and caring about your credit score is only going to get you into trouble.

  4. Whew, there for a second I was afraid faith wasn’t going to show up to warn us of the dangers of credit scores!

    In other news, just earned an extra 35 bucks this month in credit card rewards while paying no interest. Thank you, credit score!

  5. It works. Only those who accept that credit is important think this way. You need to change the way you think about debt, or you will become a slave to debt.

  6. But how much extra did you spend to get that $35? Studies show people who use credit cards spend more money than those who use cash.

  7. Exactly zero. 90% of my rewards come from gas and groceries. The rest come from fixed bills. It’s called using credit responsibly. You wouldn’t know, because you have a zero credit score.
