WASHINGTON (Reuters) - LifeLock Inc, which sells identity theft monitoring and fraud detection services, has agreed to pay $100 million to settle charges that it failed to properly protect its customers’ data, the Federal Trade Commission said on Thursday.
The FTC had accused LifeLock, which is based in Tempe, Arizona, of violating a 2010 court order that required it to take steps to secure data properly and said that LifeLock falsely advertised that it protected that information, among other allegations.
The $100 million is to be deposited to the U.S. District Court for the District of Arizona. A total of $68 million may be used to reimburse consumers in a class-action lawsuit. The balance will be used by the FTC to reimburse LifeLock customers not involved in the lawsuit, an FTC spokesman said.
The company charges $9.99 per month to monitor a customers’ accounts to get an early warning of identity theft and to help them clean up the mess when identity theft occurs.
LifeLock said in the court filing that it neither admitted nor denied the FTC’s allegations. The company’s stock is down 2.3 percent at $13.96 in midday trade.
LifeLock said in a statement that it had already done system upgrades and taken other steps to address issues raised by the government.
“The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place,” the company said. “There is no evidence that LifeLock has ever had any of its customers’ data stolen, and the FTC did not allege otherwise.”
LifeLock paid $12 million in 2010 to settle charges that it overstated the value of its services. The FTC said then that LifeLock advertised that it could stop identity theft for consumers who buy its service. But the FTC said the company’s fraud alerts did not protect customers from misuse of existing accounts, the most common form of the crime.
As part of the settlement announced on Thursday, LifeLock is required to refrain from misrepresenting how much they can do to protect their customers from identity theft and to implement a data security program, according to a court filing.
The commission voted 3 to 1 to approve the settlement. Maureen Ohlhausen, the sole Republican on the panel, said in her dissent that she was unconvinced that LifeLock had fallen short in protecting its customers data.
“During the relevant period, reputable third parties certified that LifeLock complied with the industry-standard Payment Card Industry Data Security Standard (PCI DSS)2 and other data security standards,” she wrote. “Nor is there evidence that LifeLock subscribers’ information suffered a breach.”
Reporting by Diane Bartz; Editing by Eric Walsh, Bill Trott and Bernard Orr
Our Standards: The Thomson Reuters Trust Principles.