Identity theft protection company still misleading consumers about its strength – FTC

As continued cyber-attacks raise concern over the security of Americans’ information, the US government is charging one identity theft protection company with continuing to mislead customers about the strength of its services.

The company in question, LifeLock, continues to falsely claim it is protecting customers by using the same kind of advanced protections deployed at financial institutions, the Federal Trade Commission argued in documents filed in the Arizona US District Court on Tuesday. LifeLock’s failure to implement better security systems is a violation of a $12 million settlement, the FTC added.

As a result, the FTC is asking the court to order LifeLock to “provide full redress to all consumers affected by the company’s order violations.”

Back in 2010, LifeLock reached a settlement with the FTC and 35 states in which the company agreed to beef up its security measures and refund customers for poor service. However, the FTC stated that from October 2012 through March 2014, the company violated the settlement by “failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, social security, and bank account numbers.”

Additionally, LifeLock “falsely [advertised] that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions” and failed to maintain the records mandated by the 2010 settlement.

“It is essential that companies live up to their obligations under orders obtained by the FTC,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection in a statement. “If a company continues with practices that violate orders and harm consumers, we will act.”

A couple of months after the settlement was agreed to, it was revealed by Wired that LifeLock CEO Todd Davis had his identity stolen 13 times. In advertisements for the service, Davis tried to sell users on the company’s protection capabilities by openly displaying his Social Security number.

It’s unclear what, if any, new penalties LifeLock could face because of these allegations. Details of the FTC’s actions against the company are filed under seal and only the court can decide what to make public.

However, LifeLock issued a statement saying it does not agree with the FTC and that it’s "prepared to take our case to court."

"Security of our systems has always been, and will remain, of primary importance to us. Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member's data being taken. As required by the FTC's consent order in 2010, LifeLock hired highly credentialed, independent professionals to assess its information security," the company said.

Nevertheless, the company was hit hard by the news on the stock market, where shares dove by 49 percent.