The Phoenix New Times (via Wired) is reporting that LifeLock's CEO Todd Davis's identity was stolen 13 times. That's 12 more than had been previously reported. The question is, who's fault is it?
Clearly from a security perspective, it's not a good idea to display your Social Security Number on billboards and TV advertisements. However, from a marketing perspective it was brilliant. The actual dollar amounts lost due to these identity theft incidents were low. If those costs were simply written off as marketing expenses, it was a good deal for Todd Davis.
On the other hand, the legal expenses LifeLock has incurred are a different matter. I am not sure if the $12 million in legal judgments could also be simply written off as marketing expenses. I previously wrote about the $11 million and $1 million judgments
against LifeLock here.
LifeLock's identity theft protection is really limited to automatically posting "Initial Fraud Alerts" with the three consumer credit agencies, Equifax, Experian, and Trans Union.
The actual FTC complaint, in section 18 details the limitations of an "Initial Alert." In other words, there are many ways you can still suffer an identity theft attack with an Initial Alert turned on with all three consumer reporting agencies. Many of these are due to third parties not exercising the due diligence they should.
To my knowledge, only Equifax provides a service that actually enables you to LOCK your account. However, locking is not the silver bullet either as there are forms of identity theft that can be perpetrated without accessing your credit report. And since you can only lock Equifax, you are still vulnerable to Experian or TransUnion being abused. Finally, even if Experian and TransUnion added an easy locking process similar to Equifax's, you would have to pay fees to them as well.