FTC Acts Against LifeLock
for ID Theft Misrepresentation
You might have seen LifeLock, Inc.’s advertisements in newspapers and on television claiming that the company will protect consumers from all types of identity theft. The ads frequently featured LifeLock’s president, Richard Todd Davis, giving out his social security number because he is confident the services his company provides will protect him—and all of us—from identity theft harm. You might have even seen advertisements on trucks where his social security number was displayed. The service cost consumers $10 per month.
I’ve been skeptical in the past about some of the identity theft prevention products and insurance being sold to consumers because of concern that the companies cannot provide the protections they are offering. Unfortunately for LifeLock, the Federal Trade Commission (FTC) and 35 state attorneys general have similar concerns and announced on March 9, 2010, that they jointly agreed to a settlement of charges whereby LifeLock will pay $11 million in penalties to the Federal Trade Commission (FTC) and $1 million in penalties to state attorneys general for a number of alleged misrepresentations.
LifeLock, according to the FTC, claimed:
• “By now you’ve heard about individuals whose identities have been stolen by identity thieves . . . LifeLock protects against this ever happening to you. Guaranteed.”
• Please know that we are the first company to prevent identity theft from occurring.”
• Do you ever worry about identity theft? If so, it’s time you got to know LifeLock. We work to stop identity theft before it happens.”
The FTC and state attorneys general alleged the company used false claims to promote its identity theft prevention services. For example, the FTC said, “The company’s fraud alerts that it placed on consumers’ credit files protected only against certain forms of identity theft and gave no protection against the misuse of existing accounts, the most common type of identity theft.” The FTC further alleged the company “provided no protection against medical or employment identity theft, in which the thieves use personal information to get medical care or apply for jobs.” The FTC added that LifeLock also falsely misrepresented that it could prevent unauthorized changes to customers’ address information, that it constantly monitored activity on customer credit reports, and that it would ensure a customer would always receive a telephone call from a potential creditor before a new account was opened.
Moreover, the FTC found, “LifeLock allegedly made claims about its own data security that were not true.” For example, the FTC noted that LifeLock “routinely collected sensitive information from its customers, including their social security numbers and credit card numbers.” While LifeLock claimed that it encrypted this data and granted internal access on only a “need to know” basis, the FTC found that this sensitive data was not encrypted and that the company’s data system was “vulnerable and could have been exploited by those seeking access to customer information.”
Oddly, the Wisconsin Department of Agriculture, Trade & Consumer Protection has received few consumer complaints against LifeLock the past two years. This may be the reason Wisconsin Attorney General J.B. Van Hollen was one of only a few who did not participate in the settlement.
The FTC will apply the $11 million penalty it received to customer refunds and will notify affected individuals by letter in the coming months.