FTC Takes Action Against LifeLock for Alleged Violations of 2010 Order

The Federal Trade Commission asserted that Lifelock violated a 2010 settlement with the agency and 35 state attorneys general by continuing to make deceptive claims about its identity theft protection services, and by failing to take steps required to protect its users’ data. In documents filed with the US District Court for the District of Arizona, the FTC charged that LifeLock failed to live up to its obligations under the 2010 settlement, and asked the court to impose an order requiring LifeLock to provide full redress to all consumers affected by the company’s order violations.

The 2010 settlement stemmed from previous FTC allegations that LifeLock used false claims to promote its identity theft protection services. The settlement barred the company and its principals from making any further deceptive claims; required LifeLock to take more stringent measures to safeguard the personal information it collects from customers; and required LifeLock to pay $12 million for consumer refunds. The FTC charged that in spite of these promises, from at least October 2012 through March 2014, LifeLock violated the 2010 Order by: 1) failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, social security, and bank account numbers; 2) falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions; and 3) failing to meet the 2010 order’s recordkeeping requirements. The FTC also asserts that from at least January 2012 through December 2014, LifeLock falsely claimed it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem.