Breach, Critical Infrastructure Security, Data Security, Network Security

LifeLock settles with FTC over ID theft product claims

LifeLock will pay $11 million to the Federal Trade Commission (FTC) and $1 million to a group of 35 state attorneys general to settle charges that the Tempe, Ariz.-based company made false claims about its identity theft products.

The FTC contended that LifeLock's claims were "deceptive" because the fraud alerts it places on customers' credit files can only protect against certain types of identity theft, such as new account fraud, which occurs when an ID thief opens up new financial accounts by using the victim's name and Social Security number.

However, the FTC's complaint alleged that LifeLock's services do not prevent against the "misuse of existing accounts," nor do they prevent medical or employment ID theft.

Under the agreement, announced this week, LifeLock is prohibited "from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers," according to an FTC news release.

"This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Illinois Attorney General Lisa Madigan said in the statement. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”

The FTC also picked at some of LifeLock's own data security measures, saying it collected confidential information from customers and did not encrypt it. And, the FTC charged, LifeLock's databases were vulnerable to attack.

LifeLock, in a statement, said the FTC charges related to the way the company did business more than two years ago. Last year, LifeLock settled with credit bureau Experian, agreeing not place any fraud alerts on customer credit files.

“We welcome federal and state efforts to regulate our industry because, at the end of the day, doing so helps to protect consumers from the risks of identity theft," LifeLock Chairman and CEO Todd Davis said in a statement emailed to SCMagazineUS.com. "We agreed to settle this matter in order to quickly put this behind us so we can get back to doing what we do best – helping to protect our members from identity theft.”

LifeLock, which bills itself as "#1 in identity theft protection," has gained national notoriety with commercials that show Davis' Social Security number on the side of a truck, while Davis tells the audience that he is confident his company's services will protect him – and potential customers – from having their identity stolen. But Davis reportedly has been a victim of ID theft.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds