by Mike Masnick

Filed Under:
identity theft


LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security

from the feel-safer? dept

AdamR was the first of a few of you to point out that the FTC (along with 35 state attorneys general) has fined Lifelock $12 million for a variety of misdeeds, starting with bogus advertising. This should be no surprise to Techdirt readers, as the discussions around LifeLock have always raised a lot more questions than were answered. It kicked off with the fact that LifeLock's CEO, who proudly places his Social Security Number on ads to "prove" how convinced he is that LifeLock will protect him... was a victim of identity fraud himself. Oh, and there was also the stuff about how one of the founder's of the company had a past that involved doing bad things with the private information of his own customers. And then there was the story about how the CEO of LifeLock, after having his own identity fraudulently used, went to the home of the guy who did it to "coerce a confession."

But the bigger questions were about the service itself. All it really did was put a fraud block on your credit, which you could do for free. It didn't stop people from using your existing credit cards if they had access to the information, or from taking out loans in your name (which is what happened to the CEO) -- even though its advertisements implied you'd be safe from such situations (which are more common than someone taking out a credit card in your name). Oh, and then there was the fact that the fraud reports that Lifelock would put on accounts were found to be illegal.

All that looks pretty bad -- and it gets worse as you read the details of the FTC slapdown. There was the questionable advertising, which went beyond just false implied promises -- to sending out letters that tried to claim that the recipient's info "wasn't safe" as a scare tactic. On top of that, apparently, LifeLock itself wasn't particularly secure with how it handled its customers private information. This fact looks even worse when you realize that LifeLock would prey on firms who had recently had data breaches, and suggest they sign up customers for a "free" year of LifeLock -- thereby putting their data at risk yet again. Not only was the data not properly handled, but LifeLock falsely claimed that the data was encrypted and only authorized employees would have access. Neither turned out to be true. Basically, it sounds like rather than protect your identity, LifeLock put you at greater risk.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 10 Mar 2010 @ 7:55am

    Say it ain't so...

    But Rush Limbaugh recommended it to me... it must be secure!
    He should get fined too!!

    reply to this | link to this | view in thread ]

  2. identicon
    Anonymous Coward, 10 Mar 2010 @ 8:01am

    Simply outlawing the credit reporting services, would shut down 100% of the need for services like lifelock, and probably 90% of the credit fraud as a whole.

    reply to this | link to this | view in thread ]

  3. icon
    Dark Helmet (profile), 10 Mar 2010 @ 8:04am

    Re: Say it ain't so...

    That wasn't his fault....he was high....

    reply to this | link to this | view in thread ]

  4. identicon
    Dave, 10 Mar 2010 @ 8:11am

    Kind of sucks that I'm just reading about this now. I work for Office Depot who had a breach about a year ago I think and we were all told we should sign up for LifeLock. I did, but now I'm really regretting it.

    reply to this | link to this | view in thread ]

  5. icon
    Overcast (profile), 10 Mar 2010 @ 8:12am

    Yeah, Todd doesn't have his SS# on the page anymore either.. heh

    To their credit though: it's hard to stop dedicated thieves.

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, 10 Mar 2010 @ 8:20am

    Re: Re: Say it ain't so...

    I can relate to that...
    I was gonna go to court, before I got high.
    I was gonna pay my child support, but then I got high.

    But the judge was not so understanding.
    (is that fair use or am I going to get sued by Afroman now?)

    reply to this | link to this | view in thread ]

  7. icon
    mjb5406 (profile), 10 Mar 2010 @ 8:49am

    It's easy to say data is encrypted

    Saying that data is encrypted doesn't make it so. The latest scam being reported by the press is a site called, which allows merchants to record customers who have made chargebacks against them. A merchant can use the data there to decline a customer's credit card. The company says that the data is encrypted and "even the IT staff can;t read it". That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data I used to work (about 6 years ago) for a well known retailer who collected and retained customer data (the nature of which I won't reveal, since it would, most assuredly disclose the company's name). They told all the customers that the data, maintained in an Oracle database, was encrypted and secure. Guess what? At the time, it was not, and all of the IT staff had access to it. So, don't believe it when a company claims encryption and that "nobody can access the data:.

    reply to this | link to this | view in thread ]

  8. identicon
    Anonymous Coward, 10 Mar 2010 @ 9:09am

    Re: It's easy to say data is encrypted

    "That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data"

    That's not true if they did their job properly. Properly implimented encryption will NOT allow that.

    reply to this | link to this | view in thread ]

  9. identicon
    Anonym, 10 Mar 2010 @ 9:09am

    Don't forget the ControlScam slapdown too

    "The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. "

    reply to this | link to this | view in thread ]

  10. identicon
    yozoo, 10 Mar 2010 @ 11:35am

    Talk Radio Never Lies

    Lifelock is a scam . . . next your going to tell me my Non-Hybrid Seed Vault is no good either . . . damn you Glenn Beck! Now what will I trade for gasoline when the rapture comes!

    reply to this | link to this | view in thread ]

  11. icon
    DeniseRichardson (profile), 10 Mar 2010 @ 9:49pm

    What's so bad about a company trying to help victims?

    These new rules will provide direction and regulations that help those serious about stopping identity theft, and it will hold advertisers accountable. This should separate out the good from the bad

    However this settlement is over advertising that the FTC claims was misleading to consumers for the period March 2005 to April 2008. And for issues the FTC had with their services during their earlier days. Not their current services. It is very old news and the service they offer today -is far superior than what they offered in earlier days.

    Now, if you want to talk about aggressive marketing, no one can beat the singing pirates: f.r.e.e. spells free baby -not! Yet remarkably, the FTC went after them with spoof videos!

    Over the years identity theft has grown -and so has LifeLock -for the better! They have not only continued to create new and innovate products and services -but they have turned to advance technology and began tapping into ways that a consumer can NOT utilize to protect themselves. What's so wrong with that?

    They continue to educate consumers and work with law enforcement communities via free seminars throughout the country and build partnerships with an array of victim organizations and security minded professionals.

    Unlike the credit bureaus, we actually have a choice whether or not we want to utilize their services. I am proud of Lifelock’s proven commitment to consumer education and the law enforcement communities. I know that they will continue doing what they already do extremely well: finding new ways to reduce the risk and lessen the impact of fraud. And we should too.

    Now having said that, in the interest of full disclosure, LifeLock has paid me to speak at their free identity theft seminars as one of their Certified Identity Theft Risk Management Specialists. To be clear, I get paid to talk about identity theft, I don’t get paid to promote LifeLock.

    reply to this | link to this | view in thread ]

  12. icon
    victimadvocate (profile), 11 Mar 2010 @ 4:48am

    Yes, READ

    Yes, actually READ the FTC complaint. Old news. Very old news. Would it make a difference for anyone to know that LifeLock is registered ISO 27001 SINCE January 2007? That is platinum standard! Does that impact the credibility of accusations that they don’t protect data. And scare tactics? The IL AG mentions IN THE SAME press conference the huge data breach problem. In December 2009, Albert Gonzalez sold 130 million credit cards wardriving. ONE gang that was caught of thousands of people here and abroad working to get YOUR information. We can’t be concerned enough! You might not want LifeLock services but working with ID theft victims as an advocate, you bet I do. I know what those services are and I will remain a LifeLock member. And while a judge has decided that I can’t hire a third-party to place fraud alerts if I (me, myself) want to for every member of my family, every 90 days (do the math and it would well be worth it to me if I could), it is ignorance not to use fraud alerts as at least ONE tool to help protect my information. Law enforcement knows full well id theft is a massive problem. They also know the prosecution rate is so abysmally small that it is much easier to be ‘id theft champions’ by hammering those who are trying to do something. And yes, the thieves are happily at work knowing that even less attention is paid to them and their victims.

    reply to this | link to this | view in thread ]

  13. identicon
    Betty Chambers, 11 Mar 2010 @ 8:12am


    LifeLock is offering a solution to an impossible problem. Identity fraud has been around since Spartacus - y'all remember that scene from the old flick, right?

    Today the problem is companies issuing easy credit to the fraudsters. Then these companies are bailed out with government funds (our money), or they help write onerous laws locking us into a lifetime of debt we didn't incur.

    It would help if the law against asking people for their SOC SEC was actually enforced. Phone companies and the like shouldn't be asking for it....

    That was my .02, I'm broke now.

    reply to this | link to this | view in thread ]

  14. identicon
    Lenny, 28 Jun 2010 @ 9:05pm


    The original ad with CEO's Social security number was ridiculous - the guy claimed he wasn't worried about putting his real SS # out there in the open, but the number was bogus!!! The two middle digits in every real SS# is an even number and his number was showing -55- so it was a lie from the get go!

    reply to this | link to this | view in thread ]

  15. identicon
    Anonymous Coward, 21 Aug 2011 @ 8:08am

    Re: Bogus

    my middle numbers are not even, they are odd

    reply to this | link to this | view in thread ]

  16. identicon
    Anonymous Coward, 1 Oct 2012 @ 10:59am

    Re: Bogus

    my son's ssn is 55

    reply to this | link to this | view in thread ]

  17. identicon
    lenny, 9 Mar 2016 @ 3:52am

    scare tactics

    The number one way to get your biz is to scare you into thinking you need it.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.