LifeLock Inc. has agreed to pay $11 million to the Federal Trade Commission (FTC) and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services.
The company and its co-founders, Richard Todd Davis and Robert J. Maynard Jr., are barred from misrepresenting the "means, methods, procedures, effects, effectiveness, coverage, or scope of any identity theft protection service." The settlements also bar misrepresentations about the risk of identity theft and the manner and extent to which LifeLock protects consumers' personal information.
The settlements also require LifeLock to establish a comprehensive data security program and obtain biennial independent third-party assessments of that program for 20 years.
Since 2006, LifeLock's ads claimed it could prevent identity theft for consumers willing to sign up for its $10-a-month service, said the FTC.
The agency noted that LifeLock's fraud alerts on customers' credit files protected against only certain forms of identity theft and gave no protection against the misuse of existing accounts; that they did not protect against medical identity theft or employment identity theft; and that they could not provide absolute protection against new account fraud, where fraud alerts are most common.
Other claims made--that LifeLock could prevent unauthorized changes to customers' address information, that it constantly monitored activity on customer credit reports, and that it would ensure the customer always received a telephone call from a potential creditor before opening a new account--were also false, said FTC.
The FTC said it will use the $11 million it receives from the settlements to provide refunds to consumers. It will send letters to current and former LifeLock customers who may be eligible for the refunds, and instructions for applying.