How will credit card leak damage Blippy?

Less than 24 hours after sharing-for-shoppers site Blippy gathered big media attention, Internet wiseguys figured out how to find some of its members’ credit card numbers in Google. How much will this hurt?
A lawyer who talked to VentureBeat on background — that’s reporter-speak for “he doesn’t want us to use his name” — thinks that Blippy needs to prepare for a pile-on of opportunists, government regulators, and just-plain-mad customers.
So far, there are no reports of identity theft from the published Citibank MasterCard numbers. And the ease with which they’re found in Google should make it easy for Citibank to compile a list of cards to replace. In fact, one of our readers thinks Citibank may have leaked the numbers themselves through an API call made from Blippy ’s servers to Citibank’s.
Blippy’s biggest worry may be that the company has failed to comply with Federal Trade Commission rules on protecting customer privacy.
“Noncompliance could open a company up to an FTC law enforcement action,” our lawyer source said, “including civil penalties and injunctive relief,” which means the company could be ordered to pay fines, or to perform actions that range all the way up to going out of business. In 2000, a judge ordered file-sharing service Napster to shut down.
Also, in America consumers are also allowed to separately sue businesses that don’t comply with the law. They can collect payments both for perceived damages, and to cover their own attorney’s fees. Now that it’s widely known the company has recently closed $11.2 million in funding, the odds are higher than before that lawyers will look for ways to sue.
Blippy, founded in 2009, is based in Silicon Valley and has raised a total of $12.9 million this year. The company’s investors include August Capital, Charles River Ventures, Sequoia Capital, Ron Conway, cofounder Philip Kaplan, Twitter CEO Evan Williams, Jason Calacanis, James Hong, and Ariel Poler.
Companies: Blippy, Citibank