Chicago—Illinois Attorney General Lisa Madigan and U.S. Federal Trade Commission (FTC) Chairman Jon Leibowitz today announced a settlement reached with LifeLock, Inc., a Tempe, Ariz.-based identity theft protection provider, that resolves a 35-state investigation led by Illinois into the company’s misleading advertising practices.
“This agreement prevents LifeLock from misrepresenting that its services offer absolute protection against identity theft,” Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about how to do that.”
“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said Leibowitz.
The FTC and state Attorneys General began jointly investigating LifeLock amid allegations that the company made a range of deceptive advertising claims that misled consumers to believe its fraud alert services were a “proven solution” that would protect against all forms of identity theft, including criminal, mortgage and child identity theft, largely by placing fraud alerts on its customers’ consumer records. (While a fraud alert is an effective way to protect against some types of identity theft, it cannot prevent all types of identity theft.) Some LifeLock ads even included CEO Todd Davis’ Social Security number, which Davis said showed “how confident I am in LifeLock’s proactive identity theft protection.”
The investigation also looked into whether Lifelock’s marketing materials overstated the risk of identity theft to increase product sales. In letters sent to some consumers, Lifelock warned recipients that they were at a heightened risk of identity theft when LifeLock had no basis for making such a claim.
The settlement resolves these allegations and requires that LifeLock pay $11 million in restitution to eligible consumers, who will be notified by the FTC and state Attorneys General about how they can opt in to the settlement. LifeLock also agreed to pay $1 million to cover the costs of the states’ investigation. This agreement is the largest privacy settlement reached jointly between the FTC and state Attorneys General.
Under the agreement, LifeLock is prohibited from misrepresenting that its services:
·Protect against all types of identity theft;
· Constantly monitor activity on each of its customers’ consumer reports;
· Always prompt a call from a potential creditor before a new credit account is opened in the customer’s name;
· Identified heightened risk; and
· Eliminate the risk of identity theft.
Other states participating in today’s agreement include: Alaska, Arizona, California, Delaware, Florida, Hawaii, Idaho, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington and West Virginia.
Division Chief Deborah Hagan and Assistant Attorneys General Christine Nielsen and Joshua Orenstein handled the case for Madigan’s Consumer Protection Division.