Security Settlement Reached for Credit Karma and Fandango

Posted on May 01, 2014

Have you ever bought a movie ticket using popular site Fandango?  Have you ever gotten a credit report from Credit Karma?  Have you used their mobile applications?  If you answered yes to those questions, your personal information could have been exposed.

The Federal Trade Commission (FTC for short) says Fandango's and Credit Karma's mobile applications could have leaked users' credit card data and social security numbers.  According to the FTC, the companies failed to properly secure their apps which may have exposed the information users sent or received.  The SSL certificate validation was disabled which allows hackers to intercept information.   

The security issue was fixed last year and both companies have said that they are not aware of any individual's information being compromised.  Fandango and Credit Karma agreed that they misrepresented the security of the apps and failed to secure the information.

As part of the settlements, the companies are prohibited from misrepresenting the privacy level or security of their services and products.  The companies also agreed to establish more security programs and undergo security assessments by an independant company every other year for the next 20 years.

It is not known how many people may have been compromised however, Credit Karma's app has been downloaded more than one million times and Fandango's has been downloaded more than 18.5 million times.  The information that may have been vulnerable through Fandango between March 2009 and March 2013 is consumers' credit card info, email addresses and passwords.  Credit Karma may have exposed, between July 2012 and January 2013, consumers' names, Social Security numbers, birthdates, addresses, phone numbers, and credit scores.