LifeLock Inc., which sells identity theft monitoring and fraud detection, agreed Thursday to pay $100 million to settle Federal Trade Commission charges that it failed to properly protect its customers’ data and misrepresented the strength of its security. It's the largest order enforcement case to date to come out of the FTC.
A total of $68 million will be used to reimburse consumers in a class-action lawsuit. The balance will be used by the FTC to reimburse LifeLock customers not involved in the lawsuit, according to FTC officials. LifeLock, based in Tempe, Ariz., first settled with the FTC and 35 state attorneys general in 2010, paying $12 million for not securing customer information and overstating the value of its services. At the time, it signed an agreement saying it would change its behavior in the future. Last July, the FTC announced it would file a complaint against the company for violating that court order.
According to the FTC, LifeLock - from at least October 2012 through March 2014 - violated several terms of its previous agreement. First, the agency said, its security system wasn't up to the task of protecting users' sensitive personal information, including Social Security numbers, credit card information and bank account numbers. Second, the complaint said that LifeLock falsely advertised that its systems were protected using the same technology as financial institutions.
LifeLock said in the court filing that it neither admitted nor denied the FTC's allegations, but the company released the following statement Thursday:
"The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise. As part of our commitment to continual improvement, in recent years we have made significant investments in our people, process and systems throughout the company to address ever more complex and pervasive identity threats. We are pleased to put this matter behind us and look forward to continuing to provide industry-leading identity protection services to our members."
The company charges $9.99 per month to monitor a customer's accounts to get an early warning of identity theft and to help them clean up the mess when identity theft occurs.
As part of the settlement, LifeLock is required to refrain from misrepresenting how much it can do to protect its customers from identity theft and to implement a data security program, according to a court filing. The company also is required to keep documentation showing how it has complied with the settlement, the filing said.