LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security

from the feel-safer? dept

AdamR was the first of a few of you to point out that the FTC (along with 35 state attorneys general) has fined Lifelock $12 million for a variety of misdeeds, starting with bogus advertising. This should be no surprise to Techdirt readers, as the discussions around LifeLock have always raised a lot more questions than were answered. It kicked off with the fact that LifeLock's CEO, who proudly places his Social Security Number on ads to "prove" how convinced he is that LifeLock will protect him... was a victim of identity fraud himself. Oh, and there was also the stuff about how one of the founder's of the company had a past that involved doing bad things with the private information of his own customers. And then there was the story about how the CEO of LifeLock, after having his own identity fraudulently used, went to the home of the guy who did it to "coerce a confession."

But the bigger questions were about the service itself. All it really did was put a fraud block on your credit, which you could do for free. It didn't stop people from using your existing credit cards if they had access to the information, or from taking out loans in your name (which is what happened to the CEO) -- even though its advertisements implied you'd be safe from such situations (which are more common than someone taking out a credit card in your name). Oh, and then there was the fact that the fraud reports that Lifelock would put on accounts were found to be illegal.

All that looks pretty bad -- and it gets worse as you read the details of the FTC slapdown. There was the questionable advertising, which went beyond just false implied promises -- to sending out letters that tried to claim that the recipient's info "wasn't safe" as a scare tactic. On top of that, apparently, LifeLock itself wasn't particularly secure with how it handled its customers private information. This fact looks even worse when you realize that LifeLock would prey on firms who had recently had data breaches, and suggest they sign up customers for a "free" year of LifeLock -- thereby putting their data at risk yet again. Not only was the data not properly handled, but LifeLock falsely claimed that the data was encrypted and only authorized employees would have access. Neither turned out to be true. Basically, it sounds like rather than protect your identity, LifeLock put you at greater risk.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Mar 10th, 2010 @ 7:55am

    Say it ain't so...

    But Rush Limbaugh recommended it to me... it must be secure!
    He should get fined too!!

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Dark Helmet (profile), Mar 10th, 2010 @ 8:04am

      Re: Say it ain't so...

      That wasn't his fault....he was high....

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 10th, 2010 @ 8:20am

        Re: Re: Say it ain't so...

        I can relate to that...
        I was gonna go to court, before I got high.
        I was gonna pay my child support, but then I got high.

        But the judge was not so understanding.
        (is that fair use or am I going to get sued by Afroman now?)

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 10th, 2010 @ 8:01am

    Simply outlawing the credit reporting services, would shut down 100% of the need for services like lifelock, and probably 90% of the credit fraud as a whole.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dave, Mar 10th, 2010 @ 8:11am

    Kind of sucks that I'm just reading about this now. I work for Office Depot who had a breach about a year ago I think and we were all told we should sign up for LifeLock. I did, but now I'm really regretting it.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Overcast (profile), Mar 10th, 2010 @ 8:12am

    Yeah, Todd doesn't have his SS# on the page anymore either.. heh

    To their credit though: it's hard to stop dedicated thieves.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    mjb5406 (profile), Mar 10th, 2010 @ 8:49am

    It's easy to say data is encrypted

    Saying that data is encrypted doesn't make it so. The latest scam being reported by the press is a site called BadCustomer.com, which allows merchants to record customers who have made chargebacks against them. A merchant can use the data there to decline a customer's credit card. The company says that the data is encrypted and "even the IT staff can;t read it". That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data I used to work (about 6 years ago) for a well known retailer who collected and retained customer data (the nature of which I won't reveal, since it would, most assuredly disclose the company's name). They told all the customers that the data, maintained in an Oracle database, was encrypted and secure. Guess what? At the time, it was not, and all of the IT staff had access to it. So, don't believe it when a company claims encryption and that "nobody can access the data:.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 10th, 2010 @ 9:09am

      Re: It's easy to say data is encrypted

      "That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data"

      That's not true if they did their job properly. Properly implimented encryption will NOT allow that.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonym, Mar 10th, 2010 @ 9:09am

    Don't forget the ControlScam slapdown too

    "The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. "

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    yozoo, Mar 10th, 2010 @ 11:35am

    Talk Radio Never Lies

    Lifelock is a scam . . . next your going to tell me my Non-Hybrid Seed Vault is no good either . . . damn you Glenn Beck! Now what will I trade for gasoline when the rapture comes!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    DeniseRichardson (profile), Mar 10th, 2010 @ 9:49pm

    What's so bad about a company trying to help victims?

    These new rules will provide direction and regulations that help those serious about stopping identity theft, and it will hold advertisers accountable. This should separate out the good from the bad

    However this settlement is over advertising that the FTC claims was misleading to consumers for the period March 2005 to April 2008. And for issues the FTC had with their services during their earlier days. Not their current services. It is very old news and the service they offer today -is far superior than what they offered in earlier days.

    Now, if you want to talk about aggressive marketing, no one can beat the singing pirates: f.r.e.e. spells free baby -not! Yet remarkably, the FTC went after them with spoof videos!
    http://www.givemebackmycredit.com/blog/free-credit-reports/

    Over the years identity theft has grown -and so has LifeLock -for the better! They have not only continued to create new and innovate products and services -but they have turned to advance technology and began tapping into ways that a consumer can NOT utilize to protect themselves. What's so wrong with that?

    They continue to educate consumers and work with law enforcement communities via free seminars throughout the country and build partnerships with an array of victim organizations and security minded professionals.

    Unlike the credit bureaus, we actually have a choice whether or not we want to utilize their services. I am proud of Lifelock’s proven commitment to consumer education and the law enforcement communities. I know that they will continue doing what they already do extremely well: finding new ways to reduce the risk and lessen the impact of fraud. And we should too.

    Now having said that, in the interest of full disclosure, LifeLock has paid me to speak at their free identity theft seminars as one of their Certified Identity Theft Risk Management Specialists. To be clear, I get paid to talk about identity theft, I don’t get paid to promote LifeLock.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    victimadvocate (profile), Mar 11th, 2010 @ 4:48am

    Yes, READ

    Yes, actually READ the FTC complaint. Old news. Very old news. Would it make a difference for anyone to know that LifeLock is registered ISO 27001 SINCE January 2007? That is platinum standard! Does that impact the credibility of accusations that they don’t protect data. And scare tactics? The IL AG mentions IN THE SAME press conference the huge data breach problem. In December 2009, Albert Gonzalez sold 130 million credit cards wardriving. ONE gang that was caught of thousands of people here and abroad working to get YOUR information. We can’t be concerned enough! You might not want LifeLock services but working with ID theft victims as an advocate, you bet I do. I know what those services are and I will remain a LifeLock member. And while a judge has decided that I can’t hire a third-party to place fraud alerts if I (me, myself) want to for every member of my family, every 90 days (do the math and it would well be worth it to me if I could), it is ignorance not to use fraud alerts as at least ONE tool to help protect my information. Law enforcement knows full well id theft is a massive problem. They also know the prosecution rate is so abysmally small that it is much easier to be ‘id theft champions’ by hammering those who are trying to do something. And yes, the thieves are happily at work knowing that even less attention is paid to them and their victims.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Betty Chambers, Mar 11th, 2010 @ 8:12am

    Fraudsters

    LifeLock is offering a solution to an impossible problem. Identity fraud has been around since Spartacus - y'all remember that scene from the old flick, right?

    Today the problem is companies issuing easy credit to the fraudsters. Then these companies are bailed out with government funds (our money), or they help write onerous laws locking us into a lifetime of debt we didn't incur.

    It would help if the law against asking people for their SOC SEC was actually enforced. Phone companies and the like shouldn't be asking for it....

    That was my .02, I'm broke now.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Lenny, Jun 28th, 2010 @ 9:05pm

    Bogus

    The original ad with CEO's Social security number was ridiculous - the guy claimed he wasn't worried about putting his real SS # out there in the open, but the number was bogus!!! The two middle digits in every real SS# is an even number and his number was showing -55- so it was a lie from the get go!

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This