The Federal Trade Commission and 35 state attorneys general filed a complaint against the company that “charged that the company used false claims to promote its identity theft protection services,” according to a March 9th FTC press release. LifeLock will be responsible for paying the FTC $11 million dollars as well as an additional $1 million to the 35 state attorneys general.
To clarify a couple of points that aren’t currently being covered by the media:
- LifeLock did make misleading claims about how completely their product protected individuals, but to their credit, they toned those claims down considerably starting about a year ago. In essence then, the ruling pertains to LifeLock of old, not the current company, marketing materials or product offering.
- At about the same time as they changed advertising, LifeLock began adding features to its product that bolstered the quality of its monitoring services.
If LifeLock continues to support and bolster the “engine” underneath its product (namely, the sophisticated identity monitoring services that it has already started adding), it will serve as a very worthwhile product in the identity monitoring space.
Here are a few of the charges in the FTC’s complaint that were in the press release:
- The fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft.
- LifeLock allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs.
- LifeLock claimed that it would prevent unauthorized changes to customers’ address information, that it constantly monitored activity on customer credit reports, and that it would ensure that a customer always would receive a telephone call from a potential creditor before a new account was opened. The FTC charged that those claims were false.
- LifeLock allegedly made claims about its own data security that were not true. According to the FTC, LifeLock routinely collected sensitive information from its customers, including their social security numbers and credit card numbers.
- LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a “need to know” basis. In fact, the agency charged, the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.
The $11 million that Lifelock is paying the FTC will be used to refund customers that were affected by these practices of Lifelock. Letters will be sent to current and former customers who might be eligible for financial refunds under this settlement. Any customers who think they may be involved in this settlement can recieve up to date information at 202-326-3757 and at Ftc.gov/lifelock.”
John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To bring John in for your next meeting or conference, please contact him directly on 1.800.258.8076.