By Andrew Clevenger
The Charleston Gazette
May 18, 2008
For a time, the ads were everywhere on TV and radio, the ones with the
head of a security company brazenly challenging would-be thieves to try
to steal his identity.
Richard Todd Davis, CEO of LifeLock Inc., was so confident in his
company's ability to protect his identity that he publicly revealed his
Social Security number: 457-55-5462.
But according to a new class-action lawsuit filed last week in Jackson
County, LifeLock's identity theft protection services were so inept that
Davis' personal information was stolen repeatedly.
"While LifeLock has only publicly acknowledged that Davis' identity was
compromised on one occasion, there are more than 20 driver's licenses
that have been fraudulently obtained [using his personal information],"
the suit states.
"Furthermore, a simple background check performed using Davis' Social
Security number reveals that his entire personal profile has been
compromised to the extent that the birth date associated with his Social
Security number is Nov. 2, 1940, which would [inaccurately] make Davis
67 years old."
The lawsuit maintains that LifeLock, which claims on its Web site to be
"the industry leader in the rapidly growing field of Identity Theft
Protection," made false and misleading claims in its multimillion-dollar
ad campaign about the level of protection it provides.
"Through its advertisements, LifeLock misrepresents and assures
consumers that it can protect against all types of fraud including,
without limitation, computer hacking, password theft and other
noncredit-related theft," the suit reads.
But LifeLock doesn't protect against many forms of identity theft,
according to the lawsuit.
The Arizona-headquartered company does place and renew fraud alerts on
its subscribers' credit profiles. But it does nothing to combat breaches
involving personal bank, employment or medical information, as well as
theft pertaining to government documents and benefits, the suit alleges.
"LifeLock knows, yet fails to disclose, that the services it provides do
not offer the breadth of protection that it promotes through its massive
advertising campaign," the suit states.
The West Virginia suit follows similar suits filed in New Jersey in
March and Maryland in April. It asks the judge to certify it as a
The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters, and
maintains that there are numerous other state residents who were
similarly misled into signing up.
Gerhold was attracted by LifeLock's $1 million guarantee against any
damages resulting from breaches that occur under the company's watch.
But even that is misleading, according to Charleston attorney David
Grubb, who is serving as the suit's local counsel.
"In actuality, once you get beyond the numerous legal limitations and
disclaimers, the policy really only guarantees that LifeLock will
investigate how to fix its failure," Grubb said in a news release. "The
subscriber receives no monetary recompense and no guarantee that their
reputation and credit status will be restored."
According to the suit, the company has almost 1 million subscribers who
pay roughly $110 a year for LifeLock's protection.
"This is a service that you pay for and it kind of lays dormant," said
David Paris, an attorney with the New Jersey firm Marks & Klein who is
heading the case against LifeLock. "So no one knows that they're not
getting what they paid for, because they don't know what to look for."
Paris said that consumers can activate for free the same safeguards that
LifeLock does, but the company fails to mention that in its marketing
The suit alleges that LifeLock's services can actually harm its clients
because the constant placement of fraud alerts can prevent them from
getting a home loan or refinancing their existing loans.
In addition, the company fails to reveal that it obtains its credit
reports by requesting on its clients' behalf their free annual credit
report. That means consumers can't ask for their own free report for at
least 12 months, according to the suit.
The suit also traces what it calls the "nefarious origin" of the
company, including the background of Robert J. Maynard Jr., who
co-founded the company with Davis in 2005.
"Upon information and belief, Maynard developed the idea for LifeLock
while sitting in a jail cell after having been arrested for failure to
repay a $16,000 casino marker taken out at the Mirage Hotel in Las
Vegas," the suit states.
Maynard was sanctioned by the Federal Trade Commission because of
misleading infomercials for National Credit Foundation, a separate
credit-improvement company, according to the suit.
The suit also maintains that Maynard stole his father's identity by
using his information to get an American Express card, which he used to
rack up more than $100,000 of debt.
Paris said he plans to file another suit in a fourth state soon, and he
is still gathering information about LifeLock's practices.
"In Wisconsin, a woman's debit card was stolen, and that thief used that
card to sign up for LifeLock," he said. "If you can't provide the basic
information to verify someone for subscription purposes, how can you be
relied upon to protect people's identities?"
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com