The still-unfolding Equifax hack that compromised Social Security numbers, addresses, and dates of birth of more than 140 million Americans has sent people scrambling to protect their personal information. Many of them have flocked to a company right here in Arizona: LifeLock.
What those customers may not know is that by enrolling with the Tempe-based identity-protection company, they’re signing up for services that rely on Equifax data. Not only that, but every time someone signs up for LifeLock, they’re sending money to Equifax — LifeLock purchases credit-monitoring services from Equifax.
When asked whether LifeLock is re-evaluating its relationship with Equifax because of the data breach, a company spokesperson wrote in an email, “We will continue to work with all the bureaus since credit monitoring is an important component of identity theft protection.”
Senator Elizabeth Warren of Massachusetts zeroed in on this LifeLock-Equifax relationship earlier this month. She grilled embattled former CEO of Equifax Richard Smith during a Senate hearing.
WARREN: LifeLock, another company that sells credit monitoring, has now seen a tenfold increase in enrollment since Equifax announced the breach. According to filings with the SEC, LifeLock purchases credit-monitoring services from Equifax. And that means, someone buys credit-monitoring through LifeLock, LifeLock turns around and passes some of that revenue directly along to Equifax. Is that right, Mr. Smith?Smith, who was ousted after the data breach, looked ashen as he appeared before members of the Senate Banking Committee. Later during Warren’s questioning, Smith offered a muddled attempt to clear up the LifeLock-Equifax relationship. Warren wasn’t having it.
SMITH: That is correct.
WARREN: That’s correct? Okay. So, from the second Equifax announced this massive data breach, Equifax has been making money off consumers who purchase their credit-monitoring through LifeLock.
SMITH: Senator, there’s one clarification. You’d mentioned the LifeLock relationship, which was accurate. At the same time, the majority of that revenue we normally generate is direct-to-consumer. We’ve shut that down, we’re no longer selling consumer product directly —
WARREN: I’m sorry, my question is, every time somebody buys through LifeLock — and they’ve seen a tenfold increase since the breach — you make a little more money. We actually called the LifeLock people to find this out, so I asked you the question but I already know the answer: It’s true. You’re making money off this.
So, if LifeLock touts itself as an identity-theft protection company, but purchases credit-monitoring services from Equifax, doesn't that mean LifeLock’s defenses are only as good as Equifax’s?
Not according to LifeLock. A company spokesperson argued that LifeLock works with all three credit bureaus, not just Equifax, and has its own data sources.
“Our customers trust us with important data and we continually update our strong information security program to maintain that trust,” the spokesperson wrote. “We make substantial investments in people, processes and systems to ensure that our members’ data is protected against ever more complex and pervasive threats.”
An identity-theft protection company owned by software giant Symantec, LifeLock's website and phone lines were tied up during the news frenzy over the Equifax hack, with people seeking out credit monitoring and the company's purported identity-theft protection plans.
It's pretty clear that a credit disaster affecting millions of Americans is providing an anxiety-fueled jolt to LifeLock's bottom line.
“We have seen an increase to our business due to the greater awareness of the risk we all live with every day,” a spokesperson wrote in an email to Phoenix New Times. “It's not surprising that more people are searching for solutions.”
Even so, late-night television has also seized on the dodgy relationship between LifeLock and Equifax. Sunday night, John Oliver skewered the two companies, one after another, from behind the desk at HBO.
“Some of the money that you pay to LifeLock goes right back to fucking Equifax,” Oliver fumed, before mocking an audacious past LifeLock ad campaign from then-CEO Todd Davis.
Davis put his real, actual Social Security number on billboards and trucks — a bold show of confidence in LifeLock’s protection services. Surprising no one, his identity was stolen 13 times, according to a New Times investigation.
The recent Senate Banking Committee Hearing wasn't LifeLock's first trip through the gauntlet of federal watchdogs. In 2010, the Federal Trade Commission ruled that LifeLock had engaged in deceptive advertising practices, and hit the company with a $12 million fine.
Five years later, the FTC said LifeLock had violated the terms of that settlement, sending the company's stock value into a nosedive.
Despite the criticism, LifeLock is forging ahead, advertising its services on its homepage with a not-so-subtle reference to Equifax.
"A major credit bureau recently experienced a breach potentially impacting about 143 million people. With your personal info, criminals can open accounts, file tax returns, buy property and more. Don’t wait to get identity theft protection," the homepage says.
Plans start at $9.99/month — no mention on how much of that money makes its way back to Equifax.
