LifeLock Shells Out $80M to Identity Theft Customers

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Sept. 21 — An over $80 million settlement between LifeLock Inc. and consumers who say that the identity theft protection company made deceptive and unfair statements about its service has gotten final approval ( Ebarle v. LifeLock, Inc., N.D. Cal., No. 15-cv-00258-HSG, 9/20/16 ).

Judge Gilliam S. Haywood Jr. of the U.S. District Court for the Northern District of California Sept. 20 approved the settlement. The settlement total includes $68 million to the settlement fund for class members, $8,000 total for named class plaintiffs and $10.2 million in attorneys fees and expenses.

Consumers who purchased LifeLock's subscription service after September 1, 2010 are entitled to monetary relief. The amounts received by consumers will total “approximately the amount each paid for one month of enrollment” in LifeLock's services.

According to the May 13 second amended complaint, LifeLock mislead customers because “its services are limited in scope and effectiveness and inferior to services offered by other credit card companies for free.” Additionally, plaintiffs alleged that LifeLock overstated the risk of identity theft to customers.

The case highlights the potentially high litigation costs for companies who allegedly misrepresent the data security of their products and offerings. Even if companies settle before a trial, settlement awards along with attorneys' fees may reach into the tens of millions of dollars.

Tempe, Ariz.-based LifeLock is the fifth largest public specialized consumer services company in the U.S. with a $1.50 billion market capitalization, Bloomberg data show.

No Stranger to Settlements

LifeLock is no stranger to settlements related to its claims of protecting consumer data against identify theft and data breaches.

LifeLock had previously been part of a Federal Trade Commission enforcement action for allegedly making false promises in its privacy policies that it had data security measures that would protect sensitive consumer data. LifeLock promised it would protect Social Security and credit card numbers but didn't encrypt customer data.

In July 2015, the FTC and LifeLock entered into a $100 million no-fault settlement agreement to settle the claims (14 PVLR 2321, 12/21/15).

In July 2010, the company agreed to pay $12 million for violating a settlement with the FTC and 35 state attorneys general that prohibited deceptive advertising and required the company to secure consumers' personal information (9 PVLR 386, 3/15/10).

A consumer, Walter F. Ellingwood, appealed the order granting the settlement Sept. 20 to the U.S. Court of Appeals for the Ninth Circuit. Ellingwood didn't raise an argument as to why he was appealing the settlement.

Sacks, Ricketts & Case LLP represented LifeLock. Lieff Cabraser Heimann & Brenstein LLP and Clarence Dyer & Cohen LLP represented the named plaintiff.

To contact the reporter on this story: Daniel R. Stoller at

To contact the editor responsible for this story: Donald G. Aplin at

For More Information

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security