For several years, LifeLock has been so brash about their skills at protecting customers from ID theft that they not only drove around a truck displaying their CEO’s Social Security Number in public, they also advertised his SSN on TV ads. But that hubris has come back to bite them on the rear, as LifeLock has just agreed to a $11 million settlement with the Federal Trade Commission over the bulked-up claims made in their ads.
Among some of the statements the FTC took issue with in its complaint were:
• “By now you’ve heard about individuals whose identities have been stolen by identity thieves… LifeLock protects against this ever happening to you. Guaranteed.”
• “Please know that we are the first company to prevent identity theft from occurring.”
• “Do you ever worry about identity theft? If so, it’s time you got to know LifeLock. We work to stop identity theft before it happens.”
• “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
• “All stored personal data is electronically encrypted.”
• “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”
However, FTC Chairman Jon Leibowitz states the Commission’s feelings bluntly: “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it.”
In their complaint, the FTC charged that the “fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft.”
The FTC also says the service provided no protection against medical identity theft or employment identity theft.
According to the complaint, contrary to the above statement, the sensitive data held by LifeLock “was not encrypted, and sensitive consumer information was not shared only on a ‘need to know’ basis.” Furthermore, the FTC claims that LifeLock’s data system was vulnerable and could have been easily exploited.
In addition to the monetary settlement, LifeLock has been barred from making any claims that its services are 100% secure. Also named in the settlement were the company’s co-founders, who are hereby barred from making any similar claims with any other businesses.
“This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Illinois Attorney General Lisa Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”
LifeLock will pay $11 million to the FTC, which will be used to pay refunds to customers. An additional $1 million will be divided up by the Attorneys General of 35 different states who participated in the investigation.
The FTC will be sending out letters to current and former LifeLock customers about the refunds, along with instructions for applying. You can also call 202-326-3757 or go to www.ftc.gov/lifelock for the latest information.