Today the Federal Trade Commission announced that identity protection company LifeLock will pay $100 million for playing fast and loose with its customers' sensitive information, including names, social security numbers, credit card numbers, and bank information.
The settlement is the largest payout the FTC has ever won through an enforcement action. Customers who were part of a class-action suit against the company will get $68 million of that. The remainder of the sum "will be provided to the FTC for use in further consumer redress," the FTC's press release states.LifeLock was given a slap on the wrist and a $12 million fine in 2010 for falsely advertising its identity theft protection services. The company had advertised that for $10 a month, it would guarantee protection against identity theft, but the FTC charged that LifeLock merely put fraud alerts on its customers' credit files, which did not protect against identity theft from existing accounts, nor did it prevent fraudsters from using a person's ID to get medical care or to apply for jobs. LifeLock's CEO, Todd Davis, famously advertised his company's services by displaying his social security number in ads. That act of hubris reportedly resulted in Davis' identity being stolen 13 times.
At the time, the FTC also accused LifeLock of claiming that its customers' information was more secure than it actually was, when in fact the information the company received was not encrypted, nor was there a system in place to reduce employee access to the company's database.
LifeLock was ordered to implement better security practices, but in a new complaint filed in July of this year, the FTC alleged that LifeLock failed to implement the required changes.
This time around, LifeLock's alleged misdeeds include failing to establish a system to protect all the information that LifeLock gathered, falsely advertising that the company protected its data as closely as financial institutions must protect their information, falsely advertising that LifeLock customers would receive alerts the moment that the company noticed any suspected fraud, and failing to follow the record-keeping rules that the FTC imposed on the company in 2010.
According to SEC filings, LifeLock generated $476 million in revenue in 2014, "an increase of $106.4 million from $369.7 million in 2013," the company wrote. In addition to the $100 million settlement that the company will have to pay, LifeLock said in a press release to investors that it also owes $13 million in additional legal and administrative fees.
In a statement today, LifeLock wrote, "The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise."
This entry passed through the Full-Text RSS service - if this is your content and you're reading it on someone else's site, please read the FAQ at http://ift.tt/jcXqJW.
http://ift.tt/1lUnOF4 LifeLock ID protection service to pay record $100 million for failing customers via top scoring links : news http://ift.tt/1NAv3sv
Put the internet to work for you.
No comments:
Post a Comment