If you’re one of the 4 million people entrusting LifeLock to protect you from identity theft, you may want to pay closer attention to how the company handles your personal data.
The Federal Trade Commission reached a $100 million settlement this week with LifeLock over claims that the identity theft prevention firm misled its customers and did not do enough to protect their data. The settlement was announced in October and approved in court Thursday. The FTC previously sued LifeLock in 2010 and won a $12 million settlement. The current suit claims that LifeLock violated the terms of its 2010 settlement with the FTC.
Both lawsuits alleged that LifeLock misled consumers about the company’s ability to protect them from fraud and identity theft. The FTC claimed that LifeLock did not have an adequate system for protecting customers’ social security, bank account, and credit card numbers, and that it falsely advertised its abilities to protect such sensitive data. LifeLock also falsely advertised its ability to immediately notify customers of an identity theft, according to the FTC.
In agreeing to the settlement, LifeLock did not admit to the allegations. A spokesperson for LifeLock, who previously, through a public relations firm, contacted the Daily Dot with an offer to speak about another company’s poor cybersecurity practices, declined to speak to us about her own company’s practices.
She instead pointed to LifeLock’s statement, which says, “The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers’ data stolen, and the FTC did not allege otherwise.”
This week’s settlement stipulates that $68 million will be distributed to members of a class action suit against LifeLock, and the remaining $32 million will go to the FTC to be used for future consumer redress.
“This settlement demonstrates the Commission’s commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data,” FTC Chairwoman Edith Ramirez said in a statement. “The fact that consumers paid LifeLock for help in protecting their sensitive personal information makes the charges in this case particularly troubling.”
However, FTC Commissioner Maureen Ohlhausen voted against the settlement. “The record lacks clear and convincing evidence that LifeLock failed to establish and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of consumers’ personal information,” Ohlhausen wrote in her dissenting statement.
Additional reporting by Kevin Collier | Illustration by Jason Reed