In documents filed in district court today, the FTC said that LifeLock failed to live up to it’s 2010 settlement with the FTC and asked the court to order full redress to all consumers affected.
The 2010 settlement stemmed from the FTC complaining that LifeLock used false claims to sell it’s services (remember when their CEO used to put his social security number on billboards? Not any more).
Disclosure: I am not a big fan of LifeLock and never have been. In order to make the service work, you have to give them access to all your accounts. That makes them a weak spot and a target for hackers. The FTC claims, in this most recent court document that even though LifeLock was ordered in the 2010 settlement to create a comprehensive information security program, at least through March 2014 they did not have such a program. It is not clear if they have one now.
The FTC also says that they falsely claim that they protected your information with the same high level safeguards as banks. If that means that they use SSL on their web site, I would be concerned.
They also failed to meet the 2010 order’s requirement for record keeping.
Finally, the FTC said that LifeLock falsely claimed that it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem.
While the details of the FTC’s action were sealed, the vote against LifeLock was 4-1. I am sure that LifeLock will say they did nothing wrong and more information will come out during court proceedings, so stay tuned.
For the most part, LifeLock does not do anything that you cannot do yourself, so your trade off is your time vs. $9 to $26 a month. And if their security is not so good, that is a big problem.
Information for this post came from the FTC web site.