LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security

from the feel-safer? dept

AdamR was the first of a few of you to point out that the FTC (along with 35 state attorneys general) has fined Lifelock $12 million for a variety of misdeeds, starting with bogus advertising. This should be no surprise to Techdirt readers, as the discussions around LifeLock have always raised a lot more questions than were answered. It kicked off with the fact that LifeLock’s CEO, who proudly places his Social Security Number on ads to “prove” how convinced he is that LifeLock will protect him… was a victim of identity fraud himself. Oh, and there was also the stuff about how one of the founder’s of the company had a past that involved doing bad things with the private information of his own customers. And then there was the story about how the CEO of LifeLock, after having his own identity fraudulently used, went to the home of the guy who did it to “coerce a confession.”

But the bigger questions were about the service itself. All it really did was put a fraud block on your credit, which you could do for free. It didn’t stop people from using your existing credit cards if they had access to the information, or from taking out loans in your name (which is what happened to the CEO) — even though its advertisements implied you’d be safe from such situations (which are more common than someone taking out a credit card in your name). Oh, and then there was the fact that the fraud reports that Lifelock would put on accounts were found to be illegal.

All that looks pretty bad — and it gets worse as you read the details of the FTC slapdown. There was the questionable advertising, which went beyond just false implied promises — to sending out letters that tried to claim that the recipient’s info “wasn’t safe” as a scare tactic. On top of that, apparently, LifeLock itself wasn’t particularly secure with how it handled its customers private information. This fact looks even worse when you realize that LifeLock would prey on firms who had recently had data breaches, and suggest they sign up customers for a “free” year of LifeLock — thereby putting their data at risk yet again. Not only was the data not properly handled, but LifeLock falsely claimed that the data was encrypted and only authorized employees would have access. Neither turned out to be true. Basically, it sounds like rather than protect your identity, LifeLock put you at greater risk.

Filed Under:
Companies: lifelock

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security”

Subscribe: RSS Leave a comment
mjb5406 (profile) says:

It's easy to say data is encrypted

Saying that data is encrypted doesn’t make it so. The latest scam being reported by the press is a site called, which allows merchants to record customers who have made chargebacks against them. A merchant can use the data there to decline a customer’s credit card. The company says that the data is encrypted and “even the IT staff can;t read it”. That last statement is pure fanasy… if the IT staff developed the encryption program, they can read the data I used to work (about 6 years ago) for a well known retailer who collected and retained customer data (the nature of which I won’t reveal, since it would, most assuredly disclose the company’s name). They told all the customers that the data, maintained in an Oracle database, was encrypted and secure. Guess what? At the time, it was not, and all of the IT staff had access to it. So, don’t believe it when a company claims encryption and that “nobody can access the data:.

DeniseRichardson (profile) says:

What's so bad about a company trying to help victims?

These new rules will provide direction and regulations that help those serious about stopping identity theft, and it will hold advertisers accountable. This should separate out the good from the bad

However this settlement is over advertising that the FTC claims was misleading to consumers for the period March 2005 to April 2008. And for issues the FTC had with their services during their earlier days. Not their current services. It is very old news and the service they offer today -is far superior than what they offered in earlier days.

Now, if you want to talk about aggressive marketing, no one can beat the singing pirates: f.r.e.e. spells free baby -not! Yet remarkably, the FTC went after them with spoof videos!

Over the years identity theft has grown -and so has LifeLock -for the better! They have not only continued to create new and innovate products and services -but they have turned to advance technology and began tapping into ways that a consumer can NOT utilize to protect themselves. What’s so wrong with that?

They continue to educate consumers and work with law enforcement communities via free seminars throughout the country and build partnerships with an array of victim organizations and security minded professionals.

Unlike the credit bureaus, we actually have a choice whether or not we want to utilize their services. I am proud of Lifelock’s proven commitment to consumer education and the law enforcement communities. I know that they will continue doing what they already do extremely well: finding new ways to reduce the risk and lessen the impact of fraud. And we should too.

Now having said that, in the interest of full disclosure, LifeLock has paid me to speak at their free identity theft seminars as one of their Certified Identity Theft Risk Management Specialists. To be clear, I get paid to talk about identity theft, I don’t get paid to promote LifeLock.

victimadvocate (profile) says:


Yes, actually READ the FTC complaint. Old news. Very old news. Would it make a difference for anyone to know that LifeLock is registered ISO 27001 SINCE January 2007? That is platinum standard! Does that impact the credibility of accusations that they don’t protect data.

And scare tactics? The IL AG mentions IN THE SAME press conference the huge data breach problem. In December 2009, Albert Gonzalez sold 130 million credit cards wardriving. ONE gang that was caught of thousands of people here and abroad working to get YOUR information. We can’t be concerned enough! You might not want LifeLock services but working with ID theft victims as an advocate, you bet I do. I know what those services are and I will remain a LifeLock member.

And while a judge has decided that I can’t hire a third-party to place fraud alerts if I (me, myself) want to for every member of my family, every 90 days (do the math and it would well be worth it to me if I could), it is ignorance not to use fraud alerts as at least ONE tool to help protect my information.

Law enforcement knows full well id theft is a massive problem. They also know the prosecution rate is so abysmally small that it is much easier to be ‘id theft champions’ by hammering those who are trying to do something. And yes, the thieves are happily at work knowing that even less attention is paid to them and their victims.

Betty Chambers (user link) says:


LifeLock is offering a solution to an impossible problem. Identity fraud has been around since Spartacus – y’all remember that scene from the old flick, right?

Today the problem is companies issuing easy credit to the fraudsters. Then these companies are bailed out with government funds (our money), or they help write onerous laws locking us into a lifetime of debt we didn’t incur.

It would help if the law against asking people for their SOC SEC was actually enforced. Phone companies and the like shouldn’t be asking for it….

That was my .02, I’m broke now.

Lenny says:


The original ad with CEO’s Social security number was ridiculous – the guy claimed he wasn’t worried about putting his real SS # out there in the open, but the number was bogus!!! The two middle digits in every real SS# is an even number and his number was showing -55- so it was a lie from the get go!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...