ID fraud-prevention firm LifeLock hit with customer lawsuits
Class actions charge that company is overstating what it does for subscribers
Computerworld - As the CEO of LifeLock Inc., Todd Davis has attracted considerable attention and controversy by publicly posting his Social Security number on the company's Web site and publishing it in ads — all part of an effort to highlight LifeLock's identity theft protection service.
But now LifeLock customers in three states are suing Davis and his company for false advertising and deceptive trade practices. Class-action lawsuits filed over the past few weeks in New Jersey, Maryland and West Virginia allege that Tempe, Ariz.-based LifeLock is overstating the capabilities of its service and misleading customers about the guarantees that it makes to customers.
"Contrary to the all-encompassing impression created through LifeLock's advertisements, the protection it claims to provide only extends to limited instances of identity theft," claims the complaint filed against the company in New Jersey's Middlesex County Superior Court. The complaint also asserts that LifeLock actually has failed to protect Davis' identity, saying that his personal information has been misappropriated in at least 20 separate identity theft incidents.
For fees of $10 per month or $100 annually, LifeLock offers to remove the names of customers from junk-mail lists and place credit alerts on their behalf with all three of the major credit reporting agencies -- Equifax Inc., Experian Inc. and TransUnion LLC. The alerts require creditors to verify the identity of individuals before opening lines of credit or issuing new credit and debit cards in their names.
As part of the service, LifeLock automatically renews the credit alerts every 90 days, which is the maximum period for which they can be placed. According to LifeLock, a subscription also gets customers one free credit report annually from each of the credit reporting bureaus, plus help in notifying the agencies if a payment card is lost or stolen. In addition, LifeLock claims to monitor underground Web sites to see if the Social Security numbers and other personal data of customers are being illegally traded or used.
The company, which claims to have more than 900,000 customers, says that it will pay up to $1 million over the course of a subscriber's lifetime to cover any fraud-related costs caused by a failure of its service.
The problem, according to Justin Klein, an attorney for the class-action plaintiffs in New Jersey, is that LifeLock's service doesn't offer the amount of identity protection that its advertisements might lead people to believe. "LifeLock is advertising services that it simply cannot provide," Klein said, adding that the company also conceals some crucial facts from customers.
For example, the service is only useful against fraud that stems from access to a full credit report, Klein contended. He said that LifeLock's claims make it appear that the company can protect customers against all kinds of identity theft fraud, including incidents resulting from hacking and password theft. But that is not the case, Klein said.
LifeLock's ads also fail to mention that some of its services — such as the three annual credit reports it offers to obtain for customers — can be had for free, or that repeatedly placing credit alerts on people's records can adversely affect their ability to get loans and other types of credit, Klein said.
Furthermore, Klein claimed that LifeLock's $1 million reimbursement guarantee is only enforceable in certain very limited circumstances — for instance, if the company failed entirely to place a credit alert on behalf of a customer. The language associated with the guarantee also ensures a great deal of protection for LifeLock itself, according to the New Jersey complaint.
LifeLock officials couldn't be immediately reached for comment on the lawsuits.
The class actions aren't the only legal issues that LifeLock needs to contend with. In February, Experian sued the company in U.S. District Court in California, claiming that it was engaging in deceptive and fraudulent behavior by placing false fraud alerts on the consumer credit-history files maintained by the credit reporting bureau.
Experian alleged that LifeLock's actions were causing millions of dollars in excess administrative costs at the credit reporting firm and that the practices eventually could reduce the effectiveness of fraud alerts.
In response, Davis disputed Experian's interpretation of the use of credit alerts and said that what LifeLock does is perfectly legal. He also claimed that the lawsuit was largely motivated by concerns that LifeLock's service was competing with Experian's own fraud monitoring business and making it harder for Experian to sell credit records to third parties.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!