Lifelock Worries After Employee Data Leaked To Web

itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

Really now?

[Darkness404]

Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.

Re:Really now?

[AK+Marc]

There are any number of ways that a bank could be compromised, and the data distributed. Unlike a password, or a username, or even a SSN, there is no way to change your mother's maiden name, etc.

I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

The fraud levels in the US are some of the highest in the world, and it's because the banks don't care. They make enough with the fraud and aren't held responsible for the actual harm they cause people when they put inaccurate information on credit reports.

Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick. Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented. Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup.

If you really want protection

[ksemlerK]

...Freeze your credit reports.

EQUIFAX Online Help: How to place a security freeze

Experian Online Help: Security Freeze

TransUnion Personal: Security Freeze

Problem solved, and you're not paying $9.95 a month for a service you can easily perform yourself that is far more effective then what any of these supposed "Identity protection" companies offer.

Re:No different than the DNC registery

[Jason+Levine]

With fraud alerts, banks/lenders/etc are recommended to do some verification work, but they aren't *required* to do so. Some institutions might skip the verification and thus allow more ID theft to go on. Better to freeze your credit entirely. It costs some money to place, thaw and remove (how much depends on your state and whether or not you've been a victim of ID theft), but it is definitely worthwhile. As a bonus, since credit card companies can't see your credit information, they won't "pre-approve" you for credit cards and send those blank forms which then need to be shredded lest some ID thief steal them.

Of course, the credit agencies hate security freezes. They want you to place fraud alerts because they can still sell your credit information and you can still sign up for store credit cards on the fly. That's why their lobbyists will fight any bill that promises to make security freezes less expensive or easier to obtain.