Lifelock worries after employee data leaked to Web

Identity theft protection company posts CEO's SS number, but not OK with employees data being in public

It may be OK for identity theft protection vendor Lifelock to publish its CEO's Social Security number, but when it comes to other company employees, that's another story.

10 of the Worst Moments in Network Security History

The company has asked the Phoenix New Times to remove a police report from its Web site after discovering that it contained a redacted Social Security number of Lifelock employee Tamika Jones. The number could be read by simply cutting and pasting the PDF document into another word processing program, a common problem with poorly-redacted documents.

Also in the police report: Jones's date of birth, address, phone number, and address.

"Yesterday, Christy O'Connor of LifeLock called New Times and asked us to remove the link to the PDF document," the New Times reporter Ray Stein wrote in a Tuesday story. "The smart-ass in us couldn't resist giving O'Connor, LifeLock's associate general counsel, some grief."

After Stein pointed out that Jones works for a company that promises to protect customers from identity theft, before it happens, the newspaper agreed to post a properly redacted version of the document on its Web site.

In an interview, Stein said that the fact that Lifelock had to call and ask for the document to be removed reflected badly on Lifelock's service. "I think this shows clearly that they know that it's got potential problems."

Stein has been a thorn in LifeLock's side for several years now. He's the reporter who in 2007 first raised questions about company founder Robert Maynard Jr., including a U.S. Federal Trade Commission [FTC] court injunction that prohibited him from selling credit improvement services. Maynard left the company after this story was published.

Last week, Stein reported that LifeLock CEO Todd Davis had been the victim of identity theft, at least 13 times. Davis is famous for publishing his Social Security number in LifeLock ads, saying that he's so confident in his service that he has no problem making the number public.

Apparently the document with Jones's information was improperly redacted by the Chandler, Arizona, police department

Unfortunately, the New Times had a redaction problem of its own. It neglected to remove the original version of the document, which was still downloadable from the Web Tuesday afternoon. This was news to Stein, who said he was looking into the matter.

Lifelock representatives could not immediately be reached for comment.

The company says it has over 1.7 million customers, who pay for its identity theft protection services, but it's also had some serious credibility problems. Two months ago, the U.S. Federal Trade Commission fined lifelock US$12 million for deceptive advertising.

Learn more about this topic

LifeLock CEO said to be victim of identity theft 13 times

Embattled CEO: LilfeLock service a game changer

LifeLock to pay $12 million to settle FTC, states' complaint

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies