RSS Alerts

Related Links

Related Stories

  • Symantec teams up with LifeLock to expand offline
    After 27 years in the online and IT world, Symantec is moving into the offline/off-computer world thanks to a partnership with LifeLock Inc., a proactive provider of identify theft protection.
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Report shows a 70% surge in malware and spam on web 2.0 services
    Research just published by Sophos claims to show a 70% increase in the number of companies reporting spam and malware attacks via social networks.
  • Taking Down a Botnet
    This past February, Microsoft, along with industry partners and academic researchers, spearheaded an effort to take the Waledec botnet offline. Drew Amorosi provides a detailed account of just how the cooperative endeavor was able to halt – at least temporarily – the notorious spam serving network.
    Members' Content
  • Facebook adds security tools amid growing privacy storm
    Facebook has added new security tools to prevent hacking and held a staff meeting amid a growing storm about privacy at the social networking company.

News

LifeLock hit with $12m settlement payment

10 March 2010

Identity theft protection company LifeLock will pay $12 million to settle charges of false claims made over its services.

LifeLock will pay $11m to the Federal Trade Commission, along with $1m to a group of 35 state attorneys general. The payment will settle charges that it used false claims to promote its identity theft protection services.

According to an FTC statement on the LifeLock case, LifeLock was wrong to guarantee that its customers would never be subject to identity theft. The fraud alerts that it put on customers' credit files only protected against certain forms of identity theft, the Commission alleged. Account misuse, which the FTC said was the most common type of identity theft, was not protected against. Seventeen percent of identity theft incidents comprised new account fraud according to an FTC survey released in 2007.

The FTC alleged that the service failed to protect against medical or employment identity theft. Claims that customers would receive a telephone call from a potential creditor before a new account was opened were false, the FTC said, as were claims that LifeLock could prevent unauthorized changes to customers' address information.

"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it," commented FTC chairman Jon Leibowitz.

The FTC said that LifeLock's data was not encrypted, and that the company falsely claimed that only authorized employees would have access to the information, on a need-to-know basis.

LifeLock put a positive spin on the situation. "LifeLock is pleased with this agreement, which, for the very first time, works to set advertising guidelines for the entire industry," said LifeLock chairman and CEO Todd Davis. "We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft."

Under the settlement, Davis was personally barred from making the same misrepresentations as LifeLock had previously, along with its cofounder Robert J. Maynard Jr, the FTC said.

 

This article is featured in:
Compliance and Policy Identity and Access Management

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water