New York Attorney General Barbara Underwood announced that the state has reached settlements with five companies regarding a security vulnerability present on each of their mobile apps. Going forward, the companies — Equifax, Western Union, Priceline, Spark Networks and Credit Sesame — will be required to implement security programs aimed at protecting their customers’ information.
“Businesses that make security promises to their users — especially as it relates to personal information — have a duty to keep those promises,” Underwood said in a statement. “My office is committed to holding businesses accountable and ensure they protect users’ personal information from hackers.” Underwood’s office said the apps in question failed to properly authenticate SSL/TLS certificates, which could allow third parties to intercept user data like passwords, social security numbers, credit card information and bank account numbers.
The attorney general’s office confirmed to Engadget that there were no monetary penalties associated with the settlements. But it said in a press release that the agreements were a result of an ongoing effort to identify security vulnerabilities before any user information had been stolen. “As part of this initiative, the office tested dozens of mobile apps that handle sensitive user information, such as credit card and bank account numbers,” it said.
Source: New York Attorney General