On May 18th, 2009, a federal district court judge ruled that LifeLock's fraud monitoring practices violate California law. LifeLock, a company that gained notoriety for publishing its CEO’s social security number in advertisements and offering a $1 million guarantee to reimburse the expenses of any customer who suffers losses from identity theft while subscribed to LifeLock, charges $120 a year to consumers to place fraud alerts on their credit profiles, among other services. Experian initially filed a lawsuit against Lifelock because of the cost it alleged it was incurring in handling the "hundreds and thousands" of fraud alerts that LifeLock was calling in on behalf of its members.
Under the 2003 Fair and Accurate Credit Transactions Act ("FACTA"), fraud alerts are available for free to consumers who believe they may have been a victim of identity theft or are at imminent risk of it. Experian claimed in its lawsuit that LifeLock placed the alerts by "posing as the consumer," and therefore LifeLock was committing an unfair business practice under California's Unfair Competition Law. U.S. District Judge Andrew Guilford determined that under FACTA, Congress intended only that a family member, guardian or attorney should make the request on behalf of a potential fraud victim and did not intend for "companies and entities such as credit repair clinics" to be able to place the alerts.
The decision is potentially a blow to the burgeoning identify-theft protection industry, and may impact the ability of companies that experience data breaches to offer victims free subscriptions to such services. Consumers can still place fraud alerts by contacting one of the three U.S. credit reporting agencies directly.