Identity theft protection company LifeLock is in trouble again with the US Federal Trade Commission (FTC) – this time for apparently violating a 2010 settlement.
Five years after reaching a $12 million settlement for false advertising, the FTC is taking LifeLock to court for contempt and is seeking “full redress” for affected consumers.
LifeLock hasn’t abided by the settlement’s requirement to stop making misleading claims that “guaranteed” customers would be protected against identity theft, according to the FTC.
It’s ironic that, for a company that makes its money by offering ID theft protection services, LifeLock appears to do a bad job of protecting the sensitive data it collects from customers.
The FTC said LifeLock violated the requirement to implement a comprehensive information security program to protect its members’ information, including Social Security numbers, credit card and bank account numbers.
Despite inadequate data security, LifeLock made the misleading claim that it offered the same level of protection as financial institutions, according to the FTC.
The FTC said LifeLock also made misleading claims that it would notify customers “as soon as” it received any indication there was a problem leading to potential identity theft.
Todd Davis, LifeLock’s CEO and chairman, disputed the claims in a 21 July blog post.
The FTC’s claims “are all related to the past, not to current business practices,” Davis said.
Davis has famously appeared in ads showing his own Social Security number and touting his company’s ID theft protection services.
The advertising ploy went awry – Davis was himself a victim of identity theft in 2007, when someone used his identity to take out a $500 bank loan.
Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said businesses that continue to violate court orders obtained by the FTC will face further action:
It is essential that companies live up to their obligations under orders obtained by the FTC. If a company continues with practices that violate orders and harm consumers, we will act.
LifeLock wasn’t willing to risk violating the terms of its settlement back in May 2014, when it temporarily pulled its LifeLock Wallet app because it wasn’t in compliance with data protection standards.
Troubles with the FTC aren’t LifeLock’s only legal concern: the company has faced more than 80 lawsuits in recent years, including a March 2014 lawsuit by LifeLock’s former chief information security officer.
The former LifeLock executive claimed he was fired for objecting to the company allegedly turning off ID theft alerts for its elderly customers in order to reduce the number of calls to its customer support center.
The lawsuit also claimed that LifeLock’s security practices were so inadequate as to constitute “fraud” against its shareholders.
Those shareholders probably aren’t happy today – LifeLock’s stock fell 50% after the FTC announced it was seeking a contempt order against the company.