LifeLock Inc., which sells identity theft monitoring and fraud detection, agreed Thursday to pay $100 million to settle Federal Trade Commission charges that it failed to properly protect its customers’ data and misrepresented the strength of its security. It's the largest order enforcement case to date to come out of the FTC.
A total of $68 million will be used to reimburse consumers in a class-action lawsuit. The balance will be used by the FTC to reimburse LifeLock customers not involved in the lawsuit, according to FTC officials. LifeLock, based in Tempe, Ariz., first
LifeLock said in the court filing that it neither admitted nor denied the FTC's allegations but the company released the following statement Thursday.
"The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise. As part of our commitment to continual improvement, in recent years we have made significant investments in our people, process and systems throughout the company to address ever more complex and pervasive identity threats. We are pleased to put this matter behind us and look forward to continuing to provide industry-leading identity protection services to our members."
The company charges $9.99 per month to monitor a customers' accounts to get an early warning of identity theft and to help them clean up the mess when identity theft occurs.
As part of the settlement, LifeLock is required to refrain from misrepresenting how much they can do to protect their customers from identity theft and to implement a data security program, according to a court filing. The company also is required to keep documentation showing how it has complied with the settlement, the filing said.