FTC Charges LifeLock with Failure to Protect Credit Card, Bank Account Data

Identity theft protection company LifeLock is coming under fire from the Federal Trade Commission for failing to adequately protect customers' credit card and bank account data, Social Security numbers and other sensitive personal information, among other allegations.

The agency filed documents Tuesday with the U.S. District Court for the District of Arizona asking it to reinforce a 2010 Order against LifeLock, which has ostensibly violated the obligations of its settlement with the FTC and 35 other states.

The suit accused LifeLock of using false claims to promote its identity theft services. As part of the $12 million settlement, the company and its principals agreed to end the deceptive claims and employ stricter protections of customer data.

Now, the FTC alleges that for at least 17 months from October 2012, LifeLock violated its order by "failing to establish and maintain a comprehensive information security program" to protect user data. It also says the company falsely claimed sensitive user data was protected with "the same high-level safeguards as financial institutions."

The agency is also asking that the Court require LifeLock to provide full redress to customers affected by its violations.

"It is essential that companies live up to their obligations under orders obtained by the FTC," said Jessica Rich, director of the FTC's Bureau of Consumer Protection. "If a company continues with practices that violate orders and harm consumers, we will act."

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation Data security Enforcement
MORE FROM AMERICAN BANKER