Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lifelock Worries After Employee Data Leaked To Web

Posted by samzenpus on from the protect-that dept.

itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

8 of 145 comments (clear)

  1. Fraud Alert != Fraud Immunity by mysidia · · Score: 5, Informative

    Not everyone reviews a credit report before issuing any type of credit.

    ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.

    Or the ID thief may employee social engineering and even defeat the 'fraud alert'

    Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.

    As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.

    Minor cost well worth the publicity.

    His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.

    As for other employees of the company.... they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft. They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.

    1. Re:Fraud Alert != Fraud Immunity by Shakrai · · Score: 5, Informative

      no matter how many types of fraud alerts you put

      Better than a fraud alert is the security freeze. They won't open a new account if they can't see your credit report. The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  2. Cringely... by Anonymous Coward · · Score: 4, Informative

    http://www.cringely.com/2010/05/lifeblocked/

  3. Re:If you really want protection by Ron+Bennett · · Score: 4, Informative

    Freezing often costs money. And each of those credit bureau charges separately. Could cost one upwards of $30 to place a freeze at all three.

    The hassles of "freezing" along with the fees to do so, is another illustration of the financial system being crooked; not designed to protect people, but rather to make credit as easy to obtain as possible with little regard to security.

    Ron

  4. Police fail to properly redact data by logjon · · Score: 5, Informative

    Where is that story? Oh, lifelock is an easier target. I understand.

    --
    The stories and info posted here are artistic works of fiction and falsehood.
    Only fools would take it as fact.
  5. Re:Really now? by iamweasel · · Score: 3, Informative

    That's what we have in Finland at least. First you have to physically go to the bank to identify yourself and then you get a login/password and a physical list of key-value pairs for online banking. When you start to run out of said keys you go get another list from the bank or order one through mail. Then you change the list using a value from the previous list and input the number of the new key list.

    In order to compromise in this system someone would have to have access both to my specific key list and my login/password combination.

    Of course that doesn't help at all if someone compromises the bank's systems, but in that case it wouldn't make a difference whether I used online banking or not.

    It baffles me that something as simple as (or similar to) this is not being used as I do believe it makes online banking a whole lot more secure.

  6. Re:No different than the DNC registery by Mr.+Freeman · · Score: 4, Informative

    You're an idiot, it has nothing to do with no-call lists or any such thing.

    It puts a "fraud alert" on your accounts and renews it every 90 days or however long they last for. Something you can easily do yourself for free. Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  7. Re:No different than the DNC registery by Anonymous Coward · · Score: 4, Informative

    Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

    Not entirely true. It theoretically requires banks, lenders, etc do some work before opening a new account. In practice, they usually skip this step. Trust me, I know from experience. I opened a new bank account while I had a fraud alert on my files, yet I was never contacted to confirm that I indeed opened that account. When I pressed the credit reporting agencies on it, I was told that the fraud alert system is more of a "best practice" type of thing, and that companies were in no way obligated to actually follow the guidelines.