LifeLockThe Federal Trade Commission announced on July 21 that it is taking action against LifeLock due to the identity theft protection company’s violation of a 2010 settlement with the FTC as well as 23 state attorneys general. Despite agreeing to the terms of the settlement five years ago, the new claims allege that LifeLock continued to make deceptive claims about its identity theft protection services to consumers and also failed to establish and maintain a security system to protect the data it collected.

In what ways did LifeLock violate the 2010 FTC settlement?

When LifeLock and the FTC settled in 2010, the identity theft protection service was banned from making any further deceptive claims regarding its products, required to take more stringent measures to guard the personal information it collects from its customers and ordered to pay $12 million in consumer refunds. However, the FTC is now claiming that LifeLock violated these orders between October 2012 and March 2014 in multiple ways:

  • Failed to establish and maintain a strong security system that would protect members’ information, including social security numbers, credit card data and bank account information.
  • Falsely advertised that it offered high-security protection at the same level as financial institutions for members’ data.
  • Failed to meet established record keeping requirements.

Additionally, the FTC asserts that between January 2012 and December 2014, LifeLock made false claims that it protected customers 24 hours a day, 7 days a week, 365 days a year by providing alerts “as soon as” it received indication of a problem.

What happens next?

The full details of the action filed by the FTC to the U.S. District Court for the District of Arizona are sealed, and the court will determine which portions will be unsealed. The FTC is asking the court to order LifeLock to “provide full redress,” or make it up to all consumers affected by its violations of the 2010 settlement. If you were a member of LifeLock between 2012 and 2014, it’s possible that you may be able to receive compensation depending on what the final decision is. If you are currently a member of any of LifeLock’s identity theft protection plans, you don’t necessarily need to consider canceling your membership — but it is worth taking a look at other identity theft protection services to determine whether one of them might be a better fit for you and/or your family.

It’s also important to keep in mind what an identity theft protection service can and cannot do. A service can offer help in the form of alerting you to suspicious activity involving your personal information and credit files, and it is also valuable when it comes to the restoration process after identity theft has taken place. However, it cannot prevent identity theft from happening — unfortunately, no one can. Anyone and everyone can be a victim of identity theft, and there is no surefire way to stop it from happening. Subscribing to an identity theft protection service can help provide some extra monitoring that you might not be able to do yourself, but in the end, you still need to be vigilant about protecting your own personal information.

This FTC case also brings up another important point: it’s important to know how any service, including identity theft protection services, uses and stores the information you provide during and after your patronage. Reading privacy policies and following up on questions is a good habit to put into practice in the Digital Age. Want to know more? You can learn about identity theft and services like LifeLock by following our blog.