[ISN] ID theft protection firm sued

From: InfoSec News (alerts@private)
Date: Mon May 19 2008 - 00:08:57 PDT


http://www.wvgazette.com/News/200805172662

By Andrew Clevenger
Staff writer
The Charleston Gazette
May 18, 2008

For a time, the ads were everywhere on TV and radio, the ones with the 
head of a security company brazenly challenging would-be thieves to try 
to steal his identity.

Richard Todd Davis, CEO of LifeLock Inc., was so confident in his 
company's ability to protect his identity that he publicly revealed his 
Social Security number: 457-55-5462.

But according to a new class-action lawsuit filed last week in Jackson 
County, LifeLock's identity theft protection services were so inept that 
Davis' personal information was stolen repeatedly.

"While LifeLock has only publicly acknowledged that Davis' identity was 
compromised on one occasion, there are more than 20 driver's licenses 
that have been fraudulently obtained [using his personal information]," 
the suit states.

"Furthermore, a simple background check performed using Davis' Social 
Security number reveals that his entire personal profile has been 
compromised to the extent that the birth date associated with his Social 
Security number is Nov. 2, 1940, which would [inaccurately] make Davis 
67 years old."

The lawsuit maintains that LifeLock, which claims on its Web site to be 
"the industry leader in the rapidly growing field of Identity Theft 
Protection," made false and misleading claims in its multimillion-dollar 
ad campaign about the level of protection it provides.

"Through its advertisements, LifeLock misrepresents and assures 
consumers that it can protect against all types of fraud including, 
without limitation, computer hacking, password theft and other 
noncredit-related theft," the suit reads.

But LifeLock doesn't protect against many forms of identity theft, 
according to the lawsuit.

The Arizona-headquartered company does place and renew fraud alerts on 
its subscribers' credit profiles. But it does nothing to combat breaches 
involving personal bank, employment or medical information, as well as 
theft pertaining to government documents and benefits, the suit alleges.

"LifeLock knows, yet fails to disclose, that the services it provides do 
not offer the breadth of protection that it promotes through its massive 
advertising campaign," the suit states.

The West Virginia suit follows similar suits filed in New Jersey in 
March and Maryland in April. It asks the judge to certify it as a 
class-action suit.

The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters, and 
maintains that there are numerous other state residents who were 
similarly misled into signing up.

Gerhold was attracted by LifeLock's $1 million guarantee against any 
damages resulting from breaches that occur under the company's watch.

But even that is misleading, according to Charleston attorney David 
Grubb, who is serving as the suit's local counsel.

"In actuality, once you get beyond the numerous legal limitations and 
disclaimers, the policy really only guarantees that LifeLock will 
investigate how to fix its failure," Grubb said in a news release. "The 
subscriber receives no monetary recompense and no guarantee that their 
reputation and credit status will be restored."

According to the suit, the company has almost 1 million subscribers who 
pay roughly $110 a year for LifeLock's protection.

"This is a service that you pay for and it kind of lays dormant," said 
David Paris, an attorney with the New Jersey firm Marks & Klein who is 
heading the case against LifeLock. "So no one knows that they're not 
getting what they paid for, because they don't know what to look for."

Paris said that consumers can activate for free the same safeguards that 
LifeLock does, but the company fails to mention that in its marketing 
campaign.

The suit alleges that LifeLock's services can actually harm its clients 
because the constant placement of fraud alerts can prevent them from 
getting a home loan or refinancing their existing loans.

In addition, the company fails to reveal that it obtains its credit 
reports by requesting on its clients' behalf their free annual credit 
report. That means consumers can't ask for their own free report for at 
least 12 months, according to the suit.

The suit also traces what it calls the "nefarious origin" of the 
company, including the background of Robert J. Maynard Jr., who 
co-founded the company with Davis in 2005.

"Upon information and belief, Maynard developed the idea for LifeLock 
while sitting in a jail cell after having been arrested for failure to 
repay a $16,000 casino marker taken out at the Mirage Hotel in Las 
Vegas," the suit states.

Maynard was sanctioned by the Federal Trade Commission because of 
misleading infomercials for National Credit Foundation, a separate 
credit-improvement company, according to the suit.

The suit also maintains that Maynard stole his father's identity by 
using his information to get an American Express card, which he used to 
rack up more than $100,000 of debt.

Paris said he plans to file another suit in a fourth state soon, and he 
is still gathering information about LifeLock's practices.

"In Wisconsin, a woman's debit card was stolen, and that thief used that 
card to sign up for LifeLock," he said. "If you can't provide the basic 
information to verify someone for subscription purposes, how can you be 
relied upon to protect people's identities?"

