Today the Federal Trade Commission announced that identity protection company LifeLock will pay $100 million for playing fast and loose with its customers’ sensitive information, including names, social security numbers, credit card numbers, and bank information.
The settlement is the largest payout the FTC has ever won through an enforcement action. Customers who were part of a class-action suit against the company will get $68 million of that. The remainder of the sum "will be provided to the FTC for use in further consumer redress,” the FTC's press release states.
LifeLock was given a slap on the wrist and a $12 million fine in 2010 for falsely advertising its identity theft protection services. The company had advertised that for $10 a month, it would guarantee protection against identity theft, but the FTC charged that LifeLock merely put fraud alerts on its customers' credit files, which did not protect against identity theft from existing accounts, nor did it prevent fraudsters from using a person’s ID to get medical care or to apply for jobs. LifeLock’s CEO, Todd Davis, famously advertised his company’s services by displaying his social security number in ads. That act of hubris reportedly resulted in Davis’ identity being stolen 13 times.
At the time, the FTC also accused LifeLock of claiming that its customers’ information was more secure than it actually was, when in fact the information the company received was not encrypted, nor was there a system in place to reduce employee access to the company’s database.
LifeLock was ordered to implement better security practices, but in a new complaint filed in July of this year, the FTC alleged that LifeLock failed to implement the required changes.
more....
LifeLock ID protection service to pay record $100 million for failing customers | Ars Technica
The settlement is the largest payout the FTC has ever won through an enforcement action. Customers who were part of a class-action suit against the company will get $68 million of that. The remainder of the sum "will be provided to the FTC for use in further consumer redress,” the FTC's press release states.
LifeLock was given a slap on the wrist and a $12 million fine in 2010 for falsely advertising its identity theft protection services. The company had advertised that for $10 a month, it would guarantee protection against identity theft, but the FTC charged that LifeLock merely put fraud alerts on its customers' credit files, which did not protect against identity theft from existing accounts, nor did it prevent fraudsters from using a person’s ID to get medical care or to apply for jobs. LifeLock’s CEO, Todd Davis, famously advertised his company’s services by displaying his social security number in ads. That act of hubris reportedly resulted in Davis’ identity being stolen 13 times.
At the time, the FTC also accused LifeLock of claiming that its customers’ information was more secure than it actually was, when in fact the information the company received was not encrypted, nor was there a system in place to reduce employee access to the company’s database.
LifeLock was ordered to implement better security practices, but in a new complaint filed in July of this year, the FTC alleged that LifeLock failed to implement the required changes.
more....
LifeLock ID protection service to pay record $100 million for failing customers | Ars Technica
