Five companies settled with the New York Attorney General over mobile app data security issues at the end of last year. The AG alleged that the companies, Western Union, Priceline, Equifax, Spark Networks, and Credit Sesame, had a well-known security vulnerability in their apps. This vulnerability resulted in insecure connections between the apps and the companies’ servers. As a result, a third party could easily have gained access to people’s sensitive information.
In its announcement, the AG pointed out that the vulnerability in question had been well known for many years, and that the FTC had reached a settlement in 2014 over the same issue. Also, that app developers can test their software for the vulnerability using “freely available software.” As part of the settlement the companies have agreed to implement comprehensive security programs to protect user information.
Putting it Into Practice: This settlement is a reminder that companies should keep in mind security measures when developing apps or other platforms that allow users to input personal information. These issues are of particular concern to regulators, including state regulators.