News Ticker

FTC charges LifeLock with violating security consent order

LifeLock stock plunged 40 percent and trading was halted twice on a tweet from Federal Communications Commission chairwoman Edith Ramirez that the agency was charging the company with violating a 2010 consent order.

The FTC alleged that LifeLock continued to make deceptive claims about its identity theft protection procedures and failed to take steps required to protect customers’ personal data.

Details of the FTC’s action, filed with the U.S. District Court for the district of Arizona, were filed under seal. The FTC voted 4-1 on the action with commissioner Maureen Ohlhausen voting no.

LifeLock settled with the FTC and 35 state attorneys general for $12 million in 2010. As part of the settlement, LifeLock also agreed to stop making deceptive claims and to take more stringent measures to safeguard the personal information it collects from customers.

Despite the settlement, the FTC charged that between October 2012 through March 2014, LifeLock violated the 2010 order by failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, social security, and bank account numbers. The FTC also charged LifeLock with false advertising when it said it used the same safeguards as financial institutions.

“It is essential that companies live up to their obligations under orders obtained by the FTC,” said Jessica Rich, FTC’s consumer protection bureau chief. “If a company continues with practices that violate orders and harm consumers, we will act.”

LifeLock said in a statement it would fight the agency in court and that FTC’s claims were all related to the past, not current business practices.

“LifeLock takes the accuracy of our advertising materials very seriously. The alerting claims raised by the FTC did not result in any known identity theft for LifeLock members. Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member’s data being taken. As required by the FTC’s consent order in 2010, LifeLock hired highly-credentialed, independent professionals to assess its information security….Every audit completed by those third parties affirmed that we were in compliance.”

To bolster its case, LifeLock’s statement included a statement from Gov. Tom Ridge, the former secretary of Homeland Security and the former Governor of Pennsylvania.

Here’s what a tweet from the FTC can do to a company’s stock.

LifeLockStockChart

New York Stock Exchange rules require a listed company to contact the exchange in advance of releasing news that may impact the trading of the stock so that the exchange can decide whether or not to halt trading.  The FTC, which is not bound by NYSE rules, released the news via a tweet and a press release.