In one of the largest FTC-state coordinated settlements on record, LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.
LifeLock, which has extensively advertised its identity theft
protection services on television, agreed to pay $11 million Feb. 10 as
part of a settlement with the Federal Trade Commission over
claims that LifeLock used false claims to promote its services.
LifeLock also agreed to pay another $1 million to a group of 35 state
attorneys general to settle similar claims.
In
one of the largest FTC-state coordinated settlements on record,
LifeLock and its principals will be barred from making deceptive claims
and required to take more stringent measures to safeguard the personal
information they collect from customers.
"While
LifeLock promised consumers complete protection against all types of
identity theft, in truth, the protection it actually provided left
enough holes that you could drive a truck through it," FTC Chairman Jon
Leibowitz said in a statement.
Since 2006,
LifeLock's ads have claimed that it could prevent identity theft for
consumers willing to sign up for its $10-a-month service. The FTC's
complaint charged that the fraud alerts that LifeLock placed on
customers' credit files protected only against certain forms of
identity theft and gave them no protection against the misuse of
existing accounts, the most common type of identity theft. It also
allegedly provided no protection against medical identity theft or
employment identity theft, in which thieves use personal information to
get medical care or apply for jobs.
The FTC's
complaint further alleged that LifeLock also claimed that it would
prevent unauthorized changes to customers' address information, that it
constantly monitored activity on customer credit reports, and that it
would ensure that a customer always would receive a telephone call from
a potential creditor before a new account was opened. The FTC charged
that those claims were false.
The FTC charged that
LifeLock's data was not encrypted, and sensitive consumer information
was not shared only on a "need-to-know" basis. In fact, the agency
charged, the company's data system was vulnerable and could have been
exploited by those seeking access to customer information.
"This
agreement effectively prevents LifeLock from misrepresenting that its
services offer absolute prevention against identity theft because there
is unfortunately no foolproof way to avoid ID theft," Illinois Attorney
General Lisa Madigan said. "Consumers can take definitive steps to
minimize the chances of having their personal information stolen, and
this settlement will help them make more informed decisions about
whether to enroll in ID theft protection services."
Email
Print
