ALBANY — Five companies facing allegations by the New York state attorney general that their apps did not keep user information such as passwords, Social Security numbers, credit cards and bank accounts secure and left users vulnerable to being compromised have reached a settlement.
According to the New York Attorney General's Office, Western Union, Priceline, Equifax, Spark Networks and Credit Sesame's mobile apps did not properly secure users' private information with sufficient security measures. The companies failed to set up a reliable transport layer security (TLS) so that users would have a secure, encrypted connection over the internet when using public wifi. As a result, the apps allowed information to be open to identity theft and fraud, the Attorney General's Office said.
“Businesses that make security promises to their users – especially as it relates to personal information – have a duty to keep those promises,” New York Attorney General Barbara Underwood said in a statement. “My office is committed to holding businesses accountable and ensure they protect users’ personal information from hackers.”
As part of the settlement, the companies will create security programs that will prevent user information from potential breaches, according to Underwood's office.