MoviePass Settles FTC Allegations of Deceptive Practices, Failure to Secure User Data

  • The Federal Trade Commission (“FTC”) reached a settlement with defunct movie subscription service MoviePass, Inc., as well as its parent company and executives (collectively “MoviePass”), to resolve allegations that it failed to reasonably secure consumer data and knowingly deceived subscribers by making its service difficult to use in violation of the FTC Act and Restore Online Shoppers’ Confidence Act.
  • The complaint alleged that MoviePass, which offered users one movie ticket per day for a flat monthly fee, took steps to block subscribers from using the service as advertised by, among other things, invalidating user account passwords while falsely claiming to have detected suspicious account activity, launching a strict ticket-verification program to deter use of the service, and blocking frequent users from utilizing the service after they hit undisclosed financial thresholds based on their monthly cost to the company.
  • In addition, the complaint alleged that MoviePass failed to take reasonable measures to secure consumer personal data when the financial information of approximately 28,191 consumers was exposed in a 2019 data breach.
  • Under the terms of the proposed order, MoviePass is prohibited from misrepresenting its business and data security practices. In addition, any business controlled by MoviePass must implement a comprehensive information security program that, among other things, includes specific security safeguards and is subject to third-party biennial assessments.