Tuesday, March 9, 2010
LifeLock to pay $12 Million in False ID Theft Protection Claims Settlement
"...Protection actually provided left enough holes that you could drive a truck through it" - FTC
03.09.2010 International Association of Privacy Professionals
In a press conference held Tuesday, March 9, Federal Trade Commission (FTC) Chairman Jon Leibowitz and Illinois Attorney General Lisa Madigan announced that LifeLock, Inc., has agreed to pay $11 million to the FTC and $1 million to a group of 35 state attorneys general to settle charges that the company’s claims of providing 100-percent protection against identity theft were false.
“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” Leibowitz said.
In addition to the $12 million settlement, LifeLock and its co-founders Richard Todd Davis and Robert J. Maynard, Jr. are prohibited from making deceptive claims and required to better safeguard customers’ personal information.
According to the FTC’s complaint, LifeLock’s claims included protecting against identity theft “ever happening to you” and being “the first company to prevent identity theft from occurring.” The FTC, however, contended that LifeLock’s practice of placing fraud alerts on its customers’ credit reports only protected them against specific types of ID theft, but had no effect on the most common form: the misuse of existing credit card and bank accounts.
“There is nothing you can do or purchase that will provide you with a 100-percent guarantee against identity theft,” Madigan said during Tuesday’s announcement, urging consumers to be aware of the steps they can take to protect their personal information. “Most of what they did you can do on your own, and you can do it for free.”
In addition to what the FTC described as deceptive identity theft protection claims, Leibowitz noted that LifeLock’s own data security practices did not adequately protect its customers’ information.
According to an FTC press release issued after Tuesday’s conference, LifeLock routinely collected sensitive information from its customers, including their Social Security numbers and credit card numbers, but did not encrypt the data. Additionally, the FTC alleges, “sensitive consumer information was not shared only on a ‘need to know’ basis…the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.”
The FTC has confirmed it will use the $11 million it receives from the settlements to provide refunds to consumers. For more information, visit www.ftc.gov/lifelock.
— Jennifer L. Saunders IAPP