Illustration: DimaChe—Getty Images

The company was supposed to protect customers against data theft.

By Jonathan Vanian
December 17, 2015

It’s bad enough that people have to worry about their personal data getting stolen. Now they have to worry about the companies responsible for protecting their data not doing their job.

Identity theft protection firm LifeLock will pay the Federal Trade Commission $100 million to settle charges that it failed to comply with a 2010 federal court order, the FTC said on Thursday.

The FTC claimed that LifeLock violated a judge’s order requiring that it properly safeguard sensitive personal data like Social Security, credit card, and bank account numbers. Additionally, the regulators alleged that LifeLock lied to consumers that it kept consumer data secure in a similar way to how financial institutions lock up data.

LifeLock LOCK also did not immediately notify consumers after learning that they may have had their identity stolen, even though it advertised that it did, the FTC said.

“The fact that consumers paid LifeLock for help in protecting their sensitive personal information makes the charges in this case particularly troubling,” FTC Chairwoman Edith Ramirez said in a statement.

The FTC first announced in July that it was taking action against LifeLock.

LifeLock said in a statement on Thursday that it was “pleased to put this matter behind us.”

“The allegations raised by the FTC are related to advertisements that we no longer run and policies that are no longer in place. The settlement does not require us to change any of our current products or practices. Furthermore, there is no evidence that LifeLock has ever had any of its customers’ data stolen, and the FTC did not allege otherwise.”

Of the $100 million settlement, LifeLock can use $68 million to pay consumers who filed a class action lawsuit against it. In 2010, the company paid $12 million to the FTC and 35 states to settle allegations that it made false claims about its data protection services.

As part of the 2010 settlement, LifeLock was “barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers,” according to an FTC announcement at the time.

According to the 2010 FTC announcement, one of the ways LifeLock would advertise its services was “by displaying the CEO’s Social Security number on the side of a truck.” But a 2010 article in the Phoenix New Times said that LifeLock’s CEO Todd Davis had his identity stolen “at least 13 times since 2007.”

Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.

For more about security, check out the following Fortune video:

SPONSORED FINANCIAL CONTENT

You May Like