Security firm says companies such as EasyJet and the San Diego Zoo weren't using basic encryption, affecting half a million daily users.

It's e-commerce 101: A company has to encrypt your credit card data when you buy something online. Yet security company Wandera just found at least 16 companies, with a combined 500,000 daily users, who are not always encrypting data—specifically not on their mobile websites and, in some cases, their apps. Offenders range from giants like airlines EasyJet and Aer Lingus to the San Diego Zoo and the TriBeCa Med Spa in Manhattan. Data sent "in the clear" include credit card numbers, birth dates, and passport numbers. The kicker: Wandera has had a difficult time getting in touch with several of these companies to warn them ahead of announcing the vulnerabilities today. (Wandera confirms that easyJet has since fixed the vulnerability.)

Read Full Story