MoviePass, which shut its doors in January 2019, just settled with the Federal Trade Commission over allegations that it prevented customers from using the service as advertised and did not protect their data privacy. The company offered users one movie ticket per day for any movie at any theater for $9.95 a month but soon had to raise subscription fees and limit movie tickets. The FTC accused the company of deceptively marketing its services, invalidating customer passwords to prevent users from obtaining tickets, and failing to secure user data.

The Verge reports that, “under the proposed settlement, MoviePass, its parent company Helios and Matheson Analytics, its chief executive Mitch Lowe, and chairman Ted Farnsworth are forbidden from falsely representing their business and data security practices to customers.”

FTC acting director of the Bureau of Consumer Protection Daniel Kaufman stated that, “MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information.” The FTC also accused MoviePass of starting a “ticket verification program as a means of discouraging people from using the service.”

The settlement requires MoviePass operators to “put comprehensive data security programs into place in any future ventures after saving MoviePass customer data in plain text.” FTC commissioner Rohit Chopra stated that, “since MoviePass went under before the FTC took action, the agency plans to open a docket for public comment on the proposed order.”

Variety reports the FTC settlement also stated that MoviePass, Helios and Matheson Analytics, former MoviePass chief executive Mitch Lowe and former Helios and Matheson chief executive Ted Farnsworth are “barred from misrepresenting their business and data security practices” and must “implement comprehensive information security programs” for any business they control in the future.

Helios and Matheson Analytics, after shutting down MoviePass in January 2019, filed for Chapter 7 liquidation in January 2020.

Among the company’s misdeeds was a ticket-verification program that “required subscribers to take and submit pictures of their physical movie ticket stubs for approval through the MoviePass app within a certain timeframe,” an action that, said the FTC, “blocked thousands of subscribers from using the service because of problems with the verification system.”

MoviePass also used “trip wires” to block users who viewed more than three movies per month, “after they collectively hit certain thresholds based on their monthly cost to the company.” The FTC also accused Lowe and Farnsworth as being “personally involved in the scheme … [which was] deceptive and harmful to consumers.”

The FTC accused the company operators of violating the Restore Online Shoppers’ Confidence Act (ROSCA), a federal law that “requires that firms be truthful with consumers when marketing negative-option services (such as subscriptions) over the Internet.”

The FTC charged MoviePass with not taking “reasonable steps to secure personal information it collected from subscribers, including their names, email addresses, birth dates, credit card numbers, and geolocation information.” Personal data was stored in plain text and “the company acknowledged that private customer information may have been exposed online.” The settlement does not, however, “include monetary relief for consumers.”