The Federal Trade Commission (FTC) reported its settlement with LifeLock regarding its lack of compliance with a 2010 Order that “LifeLock failed to establish and maintain a comprehensive information security program to protect users’ sensitive personal information including their social security, credit card and bank account numbers.”  The December 17, 2015 press release from the FTC included these comments from FTC Chairwoman Edith Ramirez:

This settlement demonstrates the Commission’s commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data,…

The fact that consumers paid Lifelock for help in protecting their sensitive personal information makes the charges in this case particularly troubling.

The press release included this description of the settlement:

Under the terms of the settlement, LifeLock must deposit $100 million into the registry of the U.S. District Court for the District of Arizona. Of that $100 million, $68 million may be used to redress fees paid to LifeLock by class action consumers who were allegedly injured by the same behavior alleged by the FTC. These funds, however, must be paid directly to and received by consumers, and may not be used for any administrative or legal costs associated with the class action.

Of course this confession is all the more troubling to its 4 million customers since LifeLock brags about its focus on identity protection:

LifeLock gives people a sense of confidence to live freely in an always-connected world.

This is terrible news for millions of folks who rely on LifeLock!