LifeLock Has To Pay $12 Million For Bogus Advertising, Little Actual Protection And Awful Security

from the feel-safer? dept

Wed, Mar 10th 2010 6:50am — Mike Masnick

AdamR was the first of a few of you to point out that the FTC (along with 35 state attorneys general) has fined Lifelock $12 million for a variety of misdeeds, starting with bogus advertising. This should be no surprise to Techdirt readers, as the discussions around LifeLock have always raised a lot more questions than were answered. It kicked off with the fact that LifeLock's CEO, who proudly places his Social Security Number on ads to "prove" how convinced he is that LifeLock will protect him... was a victim of identity fraud himself. Oh, and there was also the stuff about how one of the founder's of the company had a past that involved doing bad things with the private information of his own customers. And then there was the story about how the CEO of LifeLock, after having his own identity fraudulently used, went to the home of the guy who did it to "coerce a confession."

But the bigger questions were about the service itself. All it really did was put a fraud block on your credit, which you could do for free. It didn't stop people from using your existing credit cards if they had access to the information, or from taking out loans in your name (which is what happened to the CEO) -- even though its advertisements implied you'd be safe from such situations (which are more common than someone taking out a credit card in your name). Oh, and then there was the fact that the fraud reports that Lifelock would put on accounts were found to be illegal.

All that looks pretty bad -- and it gets worse as you read the details of the FTC slapdown. There was the questionable advertising, which went beyond just false implied promises -- to sending out letters that tried to claim that the recipient's info "wasn't safe" as a scare tactic. On top of that, apparently, LifeLock itself wasn't particularly secure with how it handled its customers private information. This fact looks even worse when you realize that LifeLock would prey on firms who had recently had data breaches, and suggest they sign up customers for a "free" year of LifeLock -- thereby putting their data at risk yet again. Not only was the data not properly handled, but LifeLock falsely claimed that the data was encrypted and only authorized employees would have access. Neither turned out to be true. Basically, it sounds like rather than protect your identity, LifeLock put you at greater risk.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: identity theft
Companies: lifelock

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 10 Mar 2010 @ 7:55am

Say it ain't so...
But Rush Limbaugh recommended it to me... it must be secure!
He should get fined too!!
[ link to this | view in chronology ]
- Dark Helmet (profile), 10 Mar 2010 @ 8:04am
  
  Re: Say it ain't so...
  That wasn't his fault....he was high....
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Mar 2010 @ 8:20am
    
    Re: Re: Say it ain't so...
    I can relate to that...
    I was gonna go to court, before I got high.
    I was gonna pay my child support, but then I got high.
    
    But the judge was not so understanding.
    (is that fair use or am I going to get sued by Afroman now?)
    [ link to this | view in chronology ]
Anonymous Coward, 10 Mar 2010 @ 8:01am

Simply outlawing the credit reporting services, would shut down 100% of the need for services like lifelock, and probably 90% of the credit fraud as a whole.
[ link to this | view in chronology ]
Dave, 10 Mar 2010 @ 8:11am

Kind of sucks that I'm just reading about this now. I work for Office Depot who had a breach about a year ago I think and we were all told we should sign up for LifeLock. I did, but now I'm really regretting it.
[ link to this | view in chronology ]
Overcast (profile), 10 Mar 2010 @ 8:12am

Yeah, Todd doesn't have his SS# on the page anymore either.. heh

To their credit though: it's hard to stop dedicated thieves.
[ link to this | view in chronology ]
mjb5406 (profile), 10 Mar 2010 @ 8:49am

It's easy to say data is encrypted
Saying that data is encrypted doesn't make it so. The latest scam being reported by the press is a site called BadCustomer.com, which allows merchants to record customers who have made chargebacks against them. A merchant can use the data there to decline a customer's credit card. The company says that the data is encrypted and "even the IT staff can;t read it". That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data I used to work (about 6 years ago) for a well known retailer who collected and retained customer data (the nature of which I won't reveal, since it would, most assuredly disclose the company's name). They told all the customers that the data, maintained in an Oracle database, was encrypted and secure. Guess what? At the time, it was not, and all of the IT staff had access to it. So, don't believe it when a company claims encryption and that "nobody can access the data:.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Mar 2010 @ 9:09am
  
  Re: It's easy to say data is encrypted
  "That last statement is pure fanasy... if the IT staff developed the encryption program, they can read the data"
  
  That's not true if they did their job properly. Properly implimented encryption will NOT allow that.
  [ link to this | view in chronology ]
Anonym, 10 Mar 2010 @ 9:09am

Don't forget the ControlScam slapdown too
"The U.S. Federal Trade Commission (FTC) on Thursday (Feb. 25) screamed “the Emperor has no clothes” by reporting to consumers that one of the largest firms issuing “Verified Secure Breach Protection” seals doesn’t really verify much at all. "
[ link to this | view in chronology ]
yozoo, 10 Mar 2010 @ 11:35am

Talk Radio Never Lies
Lifelock is a scam . . . next your going to tell me my Non-Hybrid Seed Vault is no good either . . . damn you Glenn Beck! Now what will I trade for gasoline when the rapture comes!
[ link to this | view in chronology ]
DeniseRichardson (profile), 10 Mar 2010 @ 9:49pm

What's so bad about a company trying to help victims?
These new rules will provide direction and regulations that help those serious about stopping identity theft, and it will hold advertisers accountable. This should separate out the good from the bad

However this settlement is over advertising that the FTC claims was misleading to consumers for the period March 2005 to April 2008. And for issues the FTC had with their services during their earlier days. Not their current services. It is very old news and the service they offer today -is far superior than what they offered in earlier days.

Now, if you want to talk about aggressive marketing, no one can beat the singing pirates: f.r.e.e. spells free baby -not! Yet remarkably, the FTC went after them with spoof videos!
http://www.givemebackmycredit.com/blog/free-credit-reports/

Over the years identity theft has grown -and so has LifeLock -for the better! They have not only continued to create new and innovate products and services -but they have turned to advance technology and began tapping into ways that a consumer can NOT utilize to protect themselves. What's so wrong with that?

They continue to educate consumers and work with law enforcement communities via free seminars throughout the country and build partnerships with an array of victim organizations and security minded professionals.

Unlike the credit bureaus, we actually have a choice whether or not we want to utilize their services. I am proud of Lifelock’s proven commitment to consumer education and the law enforcement communities. I know that they will continue doing what they already do extremely well: finding new ways to reduce the risk and lessen the impact of fraud. And we should too.

Now having said that, in the interest of full disclosure, LifeLock has paid me to speak at their free identity theft seminars as one of their Certified Identity Theft Risk Management Specialists. To be clear, I get paid to talk about identity theft, I don’t get paid to promote LifeLock.
[ link to this | view in chronology ]
victimadvocate (profile), 11 Mar 2010 @ 4:48am

Yes, READ
Yes, actually READ the FTC complaint. Old news. Very old news. Would it make a difference for anyone to know that LifeLock is registered ISO 27001 SINCE January 2007? That is platinum standard! Does that impact the credibility of accusations that they don’t protect data. And scare tactics? The IL AG mentions IN THE SAME press conference the huge data breach problem. In December 2009, Albert Gonzalez sold 130 million credit cards wardriving. ONE gang that was caught of thousands of people here and abroad working to get YOUR information. We can’t be concerned enough! You might not want LifeLock services but working with ID theft victims as an advocate, you bet I do. I know what those services are and I will remain a LifeLock member. And while a judge has decided that I can’t hire a third-party to place fraud alerts if I (me, myself) want to for every member of my family, every 90 days (do the math and it would well be worth it to me if I could), it is ignorance not to use fraud alerts as at least ONE tool to help protect my information. Law enforcement knows full well id theft is a massive problem. They also know the prosecution rate is so abysmally small that it is much easier to be ‘id theft champions’ by hammering those who are trying to do something. And yes, the thieves are happily at work knowing that even less attention is paid to them and their victims.
[ link to this | view in chronology ]
Betty Chambers, 11 Mar 2010 @ 8:12am

Fraudsters
LifeLock is offering a solution to an impossible problem. Identity fraud has been around since Spartacus - y'all remember that scene from the old flick, right?

Today the problem is companies issuing easy credit to the fraudsters. Then these companies are bailed out with government funds (our money), or they help write onerous laws locking us into a lifetime of debt we didn't incur.

It would help if the law against asking people for their SOC SEC was actually enforced. Phone companies and the like shouldn't be asking for it....

That was my .02, I'm broke now.
[ link to this | view in chronology ]
Lenny, 28 Jun 2010 @ 9:05pm

Bogus
The original ad with CEO's Social security number was ridiculous - the guy claimed he wasn't worried about putting his real SS # out there in the open, but the number was bogus!!! The two middle digits in every real SS# is an even number and his number was showing -55- so it was a lie from the get go!
[ link to this | view in chronology ]
- Anonymous Coward, 21 Aug 2011 @ 8:08am
  
  Re: Bogus
  my middle numbers are not even, they are odd
  [ link to this | view in chronology ]
- Anonymous Coward, 1 Oct 2012 @ 10:59am
  
  Re: Bogus
  my son's ssn is 55
  [ link to this | view in chronology ]
lenny, 9 Mar 2016 @ 3:52am

scare tactics
The number one way to get your biz is to scare you into thinking you need it.
[ link to this | view in chronology ]