LifeLock has agreed to pay $12 million to settle charges that the company failed to protect customers against identity fraud as advertised and put customer data at risk.
The company was known for its bold marketing tactics, including one that backfired after Chief Executive Todd Davis put his Social Security number in ads to promote the company's service and then had someone use his identity to take out a loan in 2007.
The U.S. Federal Trade Commission and 35 state attorneys general had accused the Tempe, Ariz., company of deceptive business practices for making false claims to promote its identity theft protection services, for which it charged $10 a month. It is one of the largest FTC and state-coordinated settlements on record, the FTC said in a statement on Tuesday.
Under the settlement, LifeLock and its executives will barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.
The complaint alleged that fraud alerts LifeLock placed on customer credit files only protected against certain forms of identity fraud and did not protect against misuse of existing accounts, which is the most common type of identity theft.
The FTC's complaint also alleged that claims that LifeLock prevented unauthorized changes to customers' address information, constantly monitored activity on customer credit reports, and ensured that customers would receive telephone calls before a new account was opened were false.
In addition, the company failed to protect customer data by neglecting to use encryption and failing to properly control access to the data with antivirus and other standard security measures.
"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it," said FTC Chairman Jon Leibowitz.
LifeLock's Davis said the company was pleased with the settlement agreement.
"We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft," he said in a statement.
"Nothing changes as a result of this settlement because it was based on activities from over two years ago," Davis added. "We agreed to settle this matter in order to quickly put this behind us so we can get back to doing what we do best--helping to protect our members from identity theft."
Updated at 8:52 p.m. EST to correct LifeLock CEO's last name. It is Davis.