FTC says LifeLock didn’t set up information security program and is violating

Federal officials asked the U.S. District Court for the District of Arizona on Tuesday to order LifeLock to provide redress to all customers it says were affected by the company’s failure to meet the terms of the 2010 settlement.

The 2010 settlement forbid LifeLock to establish more rigorous security measures and refund $12 million to customers.

Company co-founder and CEO Todd Davis used to put his own social security number on business cards and company trucks to advertise LifeLock’s services, and the company has seen its revenue climb as companies and government institutions continued to report data breaches.

In new charges against LifeLock, the FTC is asking that the company rebate customers who were harmed by its false promises.

“It is essential that companies live up to their obligations under orders obtained by the FTC”, said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a statement.

Since then, the FTC said LifeLock has not lived up to the agreement.

LifeLock said the FTC’s actions and statements are related to past business practices and that it is prepared to defend itself in court.

Four years after LifeLock paid the eight-figure settlement related to false claims in its advertising, the Federal Trade Commission said LifeLock still had not set up a comprehensive program to protect sensitive data like credit card numbers, Social Security numbers and bank account numbers.

“LifeLock hired highly-credentialed, independent professionals to assess its information security”, the company said.

“We are committed to maintaining high standards and to continual improvement, and we have spent thousands of hours and millions of dollars to achieve those standards in full compliance with the order”, read the statement in part.

The FTC also asserts that from at least January 2012 through December 2014, LifeLock falsely claimed it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem.

“LifeLock takes the accuracy of our advertising materials very seriously”. LifeLock’s threat detection, proactive identity alerts, and remediation services help provide peace of mind for consumers amid the growing threat of identity theft.

The company added that “the FTC is not seeking any relief that would change LifeLock services and products going forward”.

As the FTC has gradually become the government’s de facto data security watchdog, the vast majority of dinged companies have chosen to settle with the agency rather than go to court.