Identity-theft protection firm LifeLock again facing charges from FTC

The Federal Trade Commission says LifeLock -- which offers consumers monthly plans to guard against identity theft -- violated a 2010 settlement and continues to mislead customers.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
3 min read

LifeLock CEO Todd Davis. The company is again facing charges from the FTC. LifeLock

LifeLock -- the security company that famously touted its identity-theft protection services by flaunting its CEO's Social Security number in ads ( only to then see his identity stolen) -- is again feeling the heat from the Federal Trade Commission.

The FTC, which agreed to a $12 million settlement with LifeLock in 2010 over deceptive-practices charges, said in court documents filed Tuesday that the company is continuing to make misleading claims about its service.

LifeLock offers consumers identity-theft protection plans for $10, $20 and $30 a month, as well as plans for businesses. But the FTC alleges that LifeLock failed to create and maintain "a comprehensive information security program" to protect customer data such as credit card, bank account and Social Security numbers.

The commission also said LifeLock falsely claimed in ads that it provided customers with the same sort of protections used by financial institutions, and that from at least January 2012 through December of last year, the company "falsely claimed it protected consumers' identity 24/7/365 by providing alerts 'as soon as' it received any indication there was a problem."

"It is essential that companies live up to their obligations under orders obtained by the FTC," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "If a company continues with practices that violate orders and harm consumers, we will act."

Identity theft and other cybercrime is a major issue. In February, Netherlands-based security firm Gemalto reported that data breaches of computer systems at financial institutions, retail chains and other organizations were up 49 percent in 2014 versus the prior year. The number of lost or stolen records was up as well, to 78 percent, and Gemalto also said hackers are actively targeting individuals, with 54 percent of data-hacking incidents focused on identity theft.

In Tuesday's legal documents, filed with the U.S. District Court for the District of Arizona, the FTC asks the court to order LifeLock "to provide full redress" to customers affected by the settlement violations. The $12 million of the original settlement was earmarked for consumer refunds.

LifeLock said it has been in compliance with the 2010 settlement and that the commission's allegations aren't relevant to the way the company now does business.

"The claims raised by the FTC are all related to the past, not to current business practices," LifeLock said in its own statement. "As required by the FTC's consent order in 2010, LifeLock hired highly credentialed, independent professionals to assess its information security. We are committed to maintaining high standards and to continual improvement, and we have spent thousands of hours and millions of dollars to achieve those standards in full compliance with the order. Every audit completed by those third parties affirmed that we were in compliance."

The company also said it welcomed a court's involvement.

"After more than 18 months of cooperation and dialogue with the FTC, it became clear to us that we could not come to a satisfactory resolution of their issues outside a court of law," LifeLock said in its statement. "We disagree with the substance of the FTC's contentions and are prepared to take our case to court."