LifeLock has agreed to pay $100 million to settle a class action lawsuit and Federal Trade Commission (FTC) contempt charges. The FTC alleges that the company violated the terms of an earlier federal court order that required the company to secure consumers’ personal information and prohibits the company from deceptive advertising.
“This settlement demonstrates the Commission’s commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data,” said FTC Chairwoman Edith Ramirez. “The fact that consumers paid Lifelock for help in protecting their sensitive personal information makes the charges in this case particularly troubling.”
LifeLock said the allegations concerned past practices and noted that as part of the settlement, LifeLock neither confirms nor denies the allegations of the parties.
“The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise," the company said in a prepared statement.
Of the $100 million, $68 million will be used to fund consumer redress expected to be ordered in a class action case and $32 million will be ussed to fund consumer redress in cases brought by various state attorneys general, the company said. Any leftover funds will revert to the FTC.
The FTC alleged that LifeLock violated four components of a 2010 federal court order. First, the FTC alleged that from at least October 2012 through March 2014, LifeLock failed to establish and maintain a comprehensive information security program to protect users’ sensitive personal information including their social security, credit card, and bank account numbers.
Second, the filing alleged that during this period LifeLock falsely advertised that it protected consumers’ sensitive data with the same high-level safeguards used by financial institutions.
Third, the FTC alleged that, from January 2012 through December 2014, LifeLock falsely advertised that it would send alerts “as soon as” it received any indication that a consumer may be a victim of identity theft. Finally, the FTC alleged that the company failed to abide by the order’s recordkeeping requirements.
The company said the settlement closed the book on the pending cases.
“The FTC’s approval is a key component of a comprehensive settlement designed to enable LifeLock to move forward with a singular focus on protecting our members from threats to their identity."