LifeLock settles with FTC for $12 million

NEW YORK (CNNMoney.com) -- Federal regulators said Tuesday that LifeLock has agreed to pay $12 million to settle charges the company made deceptive claims about its ability to protect customers from identity theft.

LifeLock will pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general in one of the largest joint FTC-state settlements on record, the agency said.

"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it," said FTC Chairman Jon Leibowitz in a statement.

LifeLock charges $10 a month for services it says will help keep users safe from identity theft. Since 2006, the company has marketed its services by displaying the the Social Security number of chief executive, Todd Davis, on the side of a truck.

Davis, who was named in the FTC's complaint, said in a statement that he is pleased with the settlement, adding that the agreement will help "set advertising standards for the entire identity theft protection industry."

"Nothing changes as a result of this settlement because it was based on activities from over two years ago," Davis said. "We agreed to settle this matter in order to quickly put this behind us so we can get back to doing what we do best -- helping to protect our members from identity theft."

The FTC said LifeLock's past advertisements made "deceptive claims," including that its services could guarantee protection against identity theft and that it was the first company to prevent identity theft from occurring.

In its complaint, the FTC alleged that LifeLock offered customers "fraud alerts" on credit files that gave customers no protection against the misuse of existing accounts, which the agency says is the most common type of identity theft.

The FTC also charged that LifeLock falsely claimed to prevent unauthorized changes to customers' address information. It also disputed the company's assertion that it constantly monitored activity on customer credit reports, and that customers could always receive a telephone call from a potential creditor before a new account was opened.

In addition, the FTC alleged that LifeLock made untrue statements about its own data security. Despite saying that sensitive information was only accessed on a "need-to-know" basis, LifeLock "routinely collected" social security numbers and credit card numbers from customers, regulators said.

Under the terms of the settlement, LifeLock will be barred from making deceptive claims and will be prohibited from misrepresenting its services. The terms also put limitations on the company's ability to state the risks of identity theft and will require LifeLock to establish a new data security program that will be subject to third-party assessments for the next 20 years.

"This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft," Illinois Attorney General Lisa Madigan said in a statement.

Madigan continued: "Consumers can take definitive steps to minimize the chances of having their personal information stolen and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services."