LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security
from the feel-safer? dept
AdamR was the first of a few of you to point out that the FTC (along with 35 state attorneys general) has fined Lifelock $12 million for a variety of misdeeds, starting with bogus advertising. This should be no surprise to Techdirt readers, as the discussions around LifeLock have always raised a lot more questions than were answered. It kicked off with the fact that LifeLock’s CEO, who proudly places his Social Security Number on ads to “prove” how convinced he is that LifeLock will protect him… was a victim of identity fraud himself. Oh, and there was also the stuff about how one of the founder’s of the company had a past that involved doing bad things with the private information of his own customers. And then there was the story about how the CEO of LifeLock, after having his own identity fraudulently used, went to the home of the guy who did it to “coerce a confession.”
But the bigger questions were about the service itself. All it really did was put a fraud block on your credit, which you could do for free. It didn’t stop people from using your existing credit cards if they had access to the information, or from taking out loans in your name (which is what happened to the CEO) — even though its advertisements implied you’d be safe from such situations (which are more common than someone taking out a credit card in your name). Oh, and then there was the fact that the fraud reports that Lifelock would put on accounts were found to be illegal.
All that looks pretty bad — and it gets worse as you read the details of the FTC slapdown. There was the questionable advertising, which went beyond just false implied promises — to sending out letters that tried to claim that the recipient’s info “wasn’t safe” as a scare tactic. On top of that, apparently, LifeLock itself wasn’t particularly secure with how it handled its customers private information. This fact looks even worse when you realize that LifeLock would prey on firms who had recently had data breaches, and suggest they sign up customers for a “free” year of LifeLock — thereby putting their data at risk yet again. Not only was the data not properly handled, but LifeLock falsely claimed that the data was encrypted and only authorized employees would have access. Neither turned out to be true. Basically, it sounds like rather than protect your identity, LifeLock put you at greater risk.
Filed Under: identity theft
Comments on “LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security”
Say it ain't so...
But Rush Limbaugh recommended it to me… it must be secure!
He should get fined too!!
Re: Say it ain't so...
That wasn’t his fault….he was high….
Re: Re: Say it ain't so...
I can relate to that…
I was gonna go to court, before I got high.
I was gonna pay my child support, but then I got high.
But the judge was not so understanding.
(is that fair use or am I going to get sued by Afroman now?)
Simply outlawing the credit reporting services, would shut down 100% of the need for services like lifelock, and probably 90% of the credit fraud as a whole.
Kind of sucks that I’m just reading about this now. I work for Office Depot who had a breach about a year ago I think and we were all told we should sign up for LifeLock. I did, but now I’m really regretting it.
Yeah, Todd doesn’t have his SS# on the page anymore either.. heh
To their credit though: it’s hard to stop dedicated thieves.
It's easy to say data is encrypted
Saying that data is encrypted doesn’t make it so. The latest scam being reported by the press is a site called BadCustomer.com, which allows merchants to record customers who have made chargebacks against them. A merchant can use the data there to decline a customer’s credit card. The company says that the data is encrypted and “even the IT staff can;t read it”. That last statement is pure fanasy… if the IT staff developed the encryption program, they can read the data I used to work (about 6 years ago) for a well known retailer who collected and retained customer data (the nature of which I won’t reveal, since it would, most assuredly disclose the company’s name). They told all the customers that the data, maintained in an Oracle database, was encrypted and secure. Guess what? At the time, it was not, and all of the IT staff had access to it. So, don’t believe it when a company claims encryption and that “nobody can access the data:.
Re: It's easy to say data is encrypted
“That last statement is pure fanasy… if the IT staff developed the encryption program, they can read the data”
That’s not true if they did their job properly. Properly implimented encryption will NOT allow that.
Don't forget the ControlScam slapdown too
“The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. “
Talk Radio Never Lies
Lifelock is a scam . . . next your going to tell me my Non-Hybrid Seed Vault is no good either . . . damn you Glenn Beck! Now what will I trade for gasoline when the rapture comes!
What's so bad about a company trying to help victims?
These new rules will provide direction and regulations that help those serious about stopping identity theft, and it will hold advertisers accountable. This should separate out the good from the bad
However this settlement is over advertising that the FTC claims was misleading to consumers for the period March 2005 to April 2008. And for issues the FTC had with their services during their earlier days. Not their current services. It is very old news and the service they offer today -is far superior than what they offered in earlier days.
Now, if you want to talk about aggressive marketing, no one can beat the singing pirates: f.r.e.e. spells free baby -not! Yet remarkably, the FTC went after them with spoof videos!
Over the years identity theft has grown -and so has LifeLock -for the better! They have not only continued to create new and innovate products and services -but they have turned to advance technology and began tapping into ways that a consumer can NOT utilize to protect themselves. What’s so wrong with that?
They continue to educate consumers and work with law enforcement communities via free seminars throughout the country and build partnerships with an array of victim organizations and security minded professionals.
Unlike the credit bureaus, we actually have a choice whether or not we want to utilize their services. I am proud of Lifelock’s proven commitment to consumer education and the law enforcement communities. I know that they will continue doing what they already do extremely well: finding new ways to reduce the risk and lessen the impact of fraud. And we should too.
Now having said that, in the interest of full disclosure, LifeLock has paid me to speak at their free identity theft seminars as one of their Certified Identity Theft Risk Management Specialists. To be clear, I get paid to talk about identity theft, I don’t get paid to promote LifeLock.
Yes, actually READ the FTC complaint. Old news. Very old news. Would it make a difference for anyone to know that LifeLock is registered ISO 27001 SINCE January 2007? That is platinum standard! Does that impact the credibility of accusations that they don’t protect data.
And scare tactics? The IL AG mentions IN THE SAME press conference the huge data breach problem. In December 2009, Albert Gonzalez sold 130 million credit cards wardriving. ONE gang that was caught of thousands of people here and abroad working to get YOUR information. We can’t be concerned enough! You might not want LifeLock services but working with ID theft victims as an advocate, you bet I do. I know what those services are and I will remain a LifeLock member.
And while a judge has decided that I can’t hire a third-party to place fraud alerts if I (me, myself) want to for every member of my family, every 90 days (do the math and it would well be worth it to me if I could), it is ignorance not to use fraud alerts as at least ONE tool to help protect my information.
Law enforcement knows full well id theft is a massive problem. They also know the prosecution rate is so abysmally small that it is much easier to be ‘id theft champions’ by hammering those who are trying to do something. And yes, the thieves are happily at work knowing that even less attention is paid to them and their victims.
LifeLock is offering a solution to an impossible problem. Identity fraud has been around since Spartacus – y’all remember that scene from the old flick, right?
Today the problem is companies issuing easy credit to the fraudsters. Then these companies are bailed out with government funds (our money), or they help write onerous laws locking us into a lifetime of debt we didn’t incur.
It would help if the law against asking people for their SOC SEC was actually enforced. Phone companies and the like shouldn’t be asking for it….
That was my .02, I’m broke now.
The original ad with CEO’s Social security number was ridiculous – the guy claimed he wasn’t worried about putting his real SS # out there in the open, but the number was bogus!!! The two middle digits in every real SS# is an even number and his number was showing -55- so it was a lie from the get go!
my middle numbers are not even, they are odd
my son’s ssn is 55
The number one way to get your biz is to scare you into thinking you need it.