LifeLock, the online identity protection company, has agreed to pay $100 million to settle charges it failed to comply with a 2010 federal court order that it secure its customer's online personal information and prohibiting it from deceptive advertising.
LifeLock was settling a July 2015 contempt motion filed with the court by the FTC and alleging noncompliance with the 2010 order.
The FTC alleged the company had 1) not established a comprehensive program to protect sensitive personal information, including social security numbers, credit cards and bank accounts; 2) falsely advertised that it did protect that data as securely as a financial institution; 3) falsely advertised it would alert victims ASAP of possible data theft; and 4) failed to do the proper recordkeeping per the 2010 order.
Of the $100 million, $68 million will go to consumers in class actions—though only for redress and not for lawyers fees. Other monies will go to settlements between LifeLock and individual attorneys general.
LifeLock will also pay an additional $13 million to administer the redress.
The vote was 3-1 with Republican Maureen Ohlhausen voting no, as she did on the contempt order, saying the record "lacks clear and convincing evidence that LifeLock failed to establish and maintain a comprehensive information security program designed to protect the security, confidentiality, and integrity of consumers’ personal information."
LifeLock neither confirmed nor denied the allegations, and released the following statement:
“The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers' data stolen, and the FTC did not allege otherwise.
“As part of our commitment to continual improvement, in recent years we have made significant investments in our people, process and systems throughout the company to address ever more complex and pervasive identity threats. We are pleased to put this matter behind us and look forward to continuing to provide industry-leading identity protection services to our members.”