LifeLock, the Tempe-based company that claims it can protect customers from identify theft, saw its stock value cut in half on Tuesday after the Federal Trade Commission accused it of violating terms of a 2010 settlement agreement.
LifeLock has a history of deceiving the public and its customers, starting with the lies about how the company began that were exposed by New Times in 2007 and led to the resignation of its founder, Robert J. Maynard Jr.
In a follow-up article in 2010, New Times reported how CEO Todd Davis — who infamously broadcast his Social Security Number in ads, claiming his company could protect him — was in fact victimized by identify theft 13 times because of the ad campaign. That year, the FTC found that LifeLock had engaged in deceptive advertising and fined it $12 million — nearly gutting the company.
After the FTC filed paperwork (see below) in federal court on Tuesday that made several damning allegations, the firm's stock plummeted so quickly that it tripped "circuit breakers that halted trading," the Wall Street Journal reported; the stock closed 49 percent down at $8.15.
In the "notice of lodging proposed documents under seal," the FTC alleges that:
"... from at least October 2012 through March 2014, Lifelock [sic] violated the 2010 Order by:
"1) failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, social security, and bank account numbers;
"2) falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions;
"3) failing to meet the 2010 order’s record-keeping requirements; and
"4) from at least January 2012 through December 2014, falsely claiming it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem, hereby gives notice to all interested parties..."
Among the documents filed under seal by Greg Madden of the FTC is a motion for contempt against LifeLock.
"It is essential that companies live up to their obligations under orders obtained by the FTC," said Jessica Rich, the FTC's director of consumer protection, in a news release. "If a company continues with practices that violate orders and harm consumers, we will act."
The FTC is asking the court "to impose an order requiring LifeLock to provide full redress to all consumers affected by the company's order violations."
Is this the end of LifeLock?
The FTC's fourth bullet-point echoes details found in a July 2013 civil complaint filed in Maricopa County Superior Court about "alert throttling."
In the complaint, Stephen P. Burke, a former senior financial analyst for the company, claimed that LifeLock retaliated against him after he raised concerns with superiors that the company was not performing for its customers as advertised. Burke's complaint mentions that in a recent U.S. Securities and Exchange Commission filing at the time, LifeLock had stated:
"We are a leading provider of proactive identify theft protection services for consumers and identity risk assessment and fraud protection services for enterprises... We protect our enterprise customers by delivering on-demand identity risk and authentication information about consumers. Our enterprise customers utilize this information in real time to make decisions about opening or modifying accounts and providing products, services, or credit to consumers to reduce financial losses from identity fraud."
In contrast to that rosy assertion, Burke and his lawyers alleged that LifeLock:
"...continues to have widespread system problems in processing alerts and sending them out to customers as promised in its national marketing campaigns. The problem of timely informing customers that their credit information was accessed is so widespread that [LifeLock] instituted a code freeze.
"In essence, [LifeLock] is deliberately 'stepping on the brakes' with regard to sending this critical information to customers on a timely basis, and worse, often choosing not to send these alerts out of at all. This practice has been referred to as 'throttling.'"
Burke said in the complaint that he took his knowledge of the problem to a supervisor, Greg Lim, in early 2013, telling him "he felt this activity was deceptive and most likely violated" the 2010 settlement agreement with the FTC. He allegedly told Lim that LifeLock "should adjust its marketing messaging to reflect this diminished service and asked Mr. Lim to look into this."
Burke claims LifeLock soon began hitting him with negative performance evaluations that weren't warranted, even though his work had previously been considered stellar. The case is ongoing in county court.
The concept for LifeLock was invented by Maynard Jr., a Valley native and risk-taking entrepreneur. He formed a team in 2005 that included Davis, other business experts, and investors. Distinguishing the company from other would-be anti-identity-theft firms, LifeLock was propelled by intense marketing and advertising campaigns.
Maynard and David took to the airwaves in the mid-2000s, talking about how Maynard had once spent a week in jail because of identify theft. They capitalized on the paranoia many people feel about becoming victim to the intrusive, personal crime of ID theft.
As we exposed in 2007, it was true that Maynard had been to jail, but it hadn't been because of identity theft. He'd been arrested for blowing off a $16,000 casino marker in Las Vegas — the equivalent of cashing a bad check.
Our story also revealed Maynard's past as a shady businessman, noting that the FTC had banned him for life from the consumer-credit protection racket. He soon resigned from the company. We followed-up with a story about how LifeLock's service was unnecessary, if not a complete waste of money. Criticism of LifeLock around the country became more widespread than ever.
Yet LifeLock, with its gung-ho capital investors, doubled-down on its advertising budget and marketing tactics. Their strategy drowned out the critics, and the company kept climbing:
As we wrote in our 2010 feature article, "Cracking LifeLock:"
There were many arguably excellent reasons not to sign up for LifeLock, critics noted, one of the strongest being that anybody with average intelligence and a computer can perform its most touted service, setting fraud alerts on a personal credit file, for free in minutes. Supposed insiders also claimed LifeLock's customer data wasn't secure, putting customers at risk of the very sort of crime LifeLock purports to prevent.
Lawyers began drawing up class-action lawsuits for aggrieved customers. And Experian, one of the big three national credit bureaus, sued LifeLock in early 2008 over its abuse of a federal law set up to help consumers.
The Federal Trade Commission, despite agreeing with New Times that a case of false advertising could possibly be made on the story of Maynard's jailing, did nothing at the time. Neither did state Arizona Attorney General Terry Goddard.
Meanwhile, LifeLock, founded with millions of dollars in seed money from venture capitalists like Bessemer Venture Partners and Goldman Sachs, kept pumping out ads that grew its customer base to amazing heights.
Despite naysayers' questions, LifeLock boasted in May 2008 that it had signed up its millionth customer. LifeLock was — and remains — a cash machine.
Such phenomenal success helped the company weather its two biggest legal challenges: the first in October 2009, when the company settled with Experian and agreed to stop setting fraud alerts on behalf of its customers; the second when the FTC hit LifeLock with the $12 million penalty.
Though the FTC took all the cash LifeLock had on hand, the settlement didn't stop investors from re-energizing the company with millions of dollars in new capital.
From the start, one of LifeLock's strengths has been its aggressive marketing campaign, and the result hasn't just meant customers. LifeLock has wormed its way into Americana, holding itself up as a beacon of identity-theft awareness and education. It's bought its way onto race cars, the jerseys of the Phoenix Mercury, and onto the signage at US Airways Arena, where the Mercury and Phoenix Suns play.
Davis and LifeLock's marketers, likened to "con artists" by the FTC's chairman, have even ingratiated themselves with law enforcement agencies around the country, using their ill-gotten gains to help pay for identity-theft summits. The arrangements give LifeLock the legitimacy it seeks to counter the claims of consumer advocates.
The company went public in August 2012, making an initial public offering of 15.7 million shares at $9 apiece.
The stock is at $8.64 so far this morning, which doesn't look like much of a recovery from Tuesday's slaughter.
Maybe it's time for a new TV campaign? Sports team? Hire more bloggers?
LifeLock issued a statement Tuesday denying the FTC's allegations.
"We disagree with the substance of the FTC’s contentions and are prepared to take our case to court," LifeLock wrote. "Security of our systems has always been, and will remain, of primary importance to us. Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member’s data being taken."
We Believe Local Journalism is Critical to the Life of a City
Engaging with our readers is essential to Phoenix New Times's mission. Make a financial contribution or sign up for a newsletter, and help us keep telling Phoenix's stories with no paywalls.
Support Our Journalism
And Maynard Jr.? He went to Hawaii after LifeLock, invested a reported $9 million in an ocean adventure company that soon failed. The Chapter 7 bankruptcy he filed in 2013 follows his 2005 and 1990 bankruptcies.