As the CEO of LifeLock, Todd Davis has attracted considerable attention and controversy by publicly posting his Social Security number on the company's Web site and publishing it in ads all part of an effort to highlight LifeLock's identity theft protection service.
But now LifeLock customers in three states are suing Davis and his company for false advertising and deceptive trade practices. Class-action lawsuits filed over the past few weeks in New Jersey, Maryland and West Virginia allege that LifeLock is overstating the capabilities of its service and misleading customers about the guarantees that it makes to customers.
"Contrary to the all-encompassing impression created through LifeLock's advertisements, the protection it claims to provide only extends to limited instances of identity theft," claims the complaint filed against the company in New Jersey's Middlesex County Superior Court. The complaint also asserts that LifeLock actually has failed to protect Davis' identity, saying that his personal information has been misappropriated in at least 20 separate identity theft incidents.
For fees of US$10 per month or $100 annually, LifeLock offers to remove the names of customers from junk-mail lists and place credit alerts on their behalf with all three of the major credit reporting agencies. The alerts require creditors to verify the identity of individuals before opening lines of credit or issuing new credit and debit cards in their names.
As part of the service, LifeLock automatically renews the credit alerts every 90 days, which is the maximum period for which they can be placed. According to LifeLock, a subscription also gets customers one free credit report annually from each of the credit reporting bureaus, plus help in notifying the agencies if a payment card is lost or stolen. In addition, LifeLock claims to monitor underground Web sites to see if the Social Security numbers and other personal data of customers is being illegally traded or used.
The company, which claims to have more than 900,000 customers, says that it will pay up to US$1 million over the course of a subscriber's lifetime to cover any fraud-related costs caused by a failure of its service.
The problem, according to Justin Klein, an attorney for the class-action plaintiffs in New Jersey, is that LifeLock's service doesn't offer the amount of identity protection that its advertisements might lead people to believe. "LifeLock is advertising services that it simply cannot provide," Klein said, adding that the company also conceals some crucial facts from customers.
For example, the service is only useful against fraud that stems from access to a full credit report, Klein contended. He said that LifeLock's claims make it appear that the company can protect customers against all kinds of identity theft fraud, including incidents resulting from hacking and password theft. But that is not the case, Klein said.
LifeLock's ads also fail to mention that some of its services -- such as the three annual credit reports it offers to obtain for customers -- can be had for free, or that repeatedly placing credit alerts on people's records can adversely affect their ability to get loans and other types of credit, Klein said.
Furthermore, Klein claimed that LifeLock's US$1 million reimbursement guarantee is only enforceable in certain very limited circumstances -- for instance, if the company failed entirely to place a credit alert on behalf of a customer. The language associated with the guarantee also ensures a great deal of protection for LifeLock itself, according to the New Jersey complaint.