ID theft protection firm sued

[Richard Forno <rforno () infowarrior org>]

ID theft protection firm sued
LifeLock misinformed customers, lawsuit says

http://www.wvgazette.com/News/200805172662

For a time, the ads were everywhere on TV and radio, the ones with the  
head of a security company brazenly challenging would-be thieves to  
try to steal his identity.

By Andrew Clevenger
Staff writer

For a time, the ads were everywhere on TV and radio, the ones with the  
head of a security company brazenly challenging would-be thieves to  
try to steal his identity.

Richard Todd Davis, CEO of LifeLock Inc., was so confident in his  
company's ability to protect his identity that he publicly revealed  
his Social Security number: 457-55-5462.

But according to a new class-action lawsuit filed last week in Jackson  
County, LifeLock's identity theft protection services were so inept  
that Davis' personal information was stolen repeatedly.

"While LifeLock has only publicly acknowledged that Davis' identity  
was compromised on one occasion, there are more than 20 driver's  
licenses that have been fraudulently obtained [using his personal  
information]," the suit states.

"Furthermore, a simple background check performed using Davis' Social  
Security number reveals that his entire personal profile has been  
compromised to the extent that the birth date associated with his  
Social Security number is Nov. 2, 1940, which would [inaccurately]  
make Davis 67 years old."

The lawsuit maintains that LifeLock, which claims on its Web site to  
be "the industry leader in the rapidly growing field of Identity Theft  
Protection," made false and misleading claims in its multimillion- 
dollar ad campaign about the level of protection it provides.

"Through its advertisements, LifeLock misrepresents and assures  
consumers that it can protect against all types of fraud including,  
without limitation, computer hacking, password theft and other  
noncredit-related theft," the suit reads.

But LifeLock doesn't protect against many forms of identity theft,  
according to the lawsuit.

The Arizona-headquartered company does place and renew fraud alerts on  
its subscribers' credit profiles. But it does nothing to combat  
breaches involving personal bank, employment or medical information,  
as well as theft pertaining to government documents and benefits, the  
suit alleges.

"LifeLock knows, yet fails to disclose, that the services it provides  
do not offer the breadth of protection that it promotes through its  
massive advertising campaign," the suit states.

The West Virginia suit follows similar suits filed in New Jersey in  
March and Maryland in April. It asks the judge to certify it as a  
class-action suit.

The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters,  
and maintains that there are numerous other state residents who were  
similarly misled into signing up.

Gerhold was attracted by LifeLock's $1 million guarantee against any  
damages resulting from breaches that occur under the company's watch.

But even that is misleading, according to Charleston attorney David  
Grubb, who is serving as the suit's local counsel.

"In actuality, once you get beyond the numerous legal limitations and  
disclaimers, the policy really only guarantees that LifeLock will  
investigate how to fix its failure," Grubb said in a news release.  
"The subscriber receives no monetary recompense and no guarantee that  
their reputation and credit status will be restored."

According to the suit, the company has almost 1 million subscribers  
who pay roughly $110 a year for LifeLock's protection.

"This is a service that you pay for and it kind of lays dormant," said  
David Paris, an attorney with the New Jersey firm Marks & Klein who is  
heading the case against LifeLock. "So no one knows that they're not  
getting what they paid for, because they don't know what to look for."

Paris said that consumers can activate for free the same safeguards  
that LifeLock does, but the company fails to mention that in its  
marketing campaign.

The suit alleges that LifeLock's services can actually harm its  
clients because the constant placement of fraud alerts can prevent  
them from getting a home loan or refinancing their existing loans.

In addition, the company fails to reveal that it obtains its credit  
reports by requesting on its clients' behalf their free annual credit  
report. That means consumers can't ask for their own free report for  
at least 12 months, according to the suit.

The suit also traces what it calls the "nefarious origin" of the  
company, including the background of Robert J. Maynard Jr., who co- 
founded the company with Davis in 2005.

"Upon information and belief, Maynard developed the idea for LifeLock  
while sitting in a jail cell after having been arrested for failure to  
repay a $16,000 casino marker taken out at the Mirage Hotel in Las  
Vegas," the suit states.

Maynard was sanctioned by the Federal Trade Commission because of  
misleading infomercials for National Credit Foundation, a separate  
credit-improvement company, according to the suit.

The suit also maintains that Maynard stole his father's identity by  
using his information to get an American Express card, which he used  
to rack up more than $100,000 of debt.

Paris said he plans to file another suit in a fourth state soon, and  
he is still gathering information about LifeLock's practices.

"In Wisconsin, a woman's debit card was stolen, and that thief used  
that card to sign up for LifeLock," he said. "If you can't provide the  
basic information to verify someone for subscription purposes, how can  
you be relied upon to protect people's identities?"

To contact staff writer Andrew Clevenger, use e-mail or call 348-1723. 
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml