Identity theft prevention service LifeLock is not as pristine as its reputation claims after all. The company agreed to pay out $12 million to settle charges with the Federal Trade Commission and 35 states, which had said that LifeLock's identity-theft-prevention claims were false and that the company actually made its own customer data available and unsecured from theft. As it turns out, there is no way to fully guarantee that identity theft won't happen, no matter what someone puts on the side of a truck.

LifeLock has made a name for itself as the go-to service if you never want to have any part of your identity stolen, ever. The company claims to proactively protect your information against fraud, alert you to any kind of shady activity, and reduce credit card offers for $10-15 per month. Those who have seen LifeLock's trucks driving around their cities know that the company used to slap its CEO Todd Davis' social security number on the side of the vehicle along with a number of claims guaranteeing that its customers won't fall victim. (As an aside, Davis' identity allegedly ended up getting stolen in 2007.)

According to the FTC, LifeLock has long claimed that it's the first company to prevent identity theft from ever occurring, that it will never happen to you if you become a paying customer, and that it can stop fraudulent activity before it happens. "Guaranteed." However, the company only employed limited protections on behalf of its users—LifeLock apparently only went so far as to place a credit alert on its customers' credit reports, says the FTC, and barely did anything else.

As we here at Ars know, there are many more elements to identity theft than preventing someone from opening new accounts in your name. Medical identity theft is quickly becoming big as more and more people go without health insurance, and the FTC says LifeLock offered no protection against this. "If you end up in the hospital with a split appendix and doctors look at your medical charts, they might think it's not an appendix problem because you've already had yours removed," TrustedID CEO Scott Mitic told Ars last September.

LifeLock also provides no protection against ID theft for job-hunting purposes and did nothing to protect its customers from being defrauded with their existing accounts. "[E]ven for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection," noted the FTC. (By the way, you can save yourself $10/month by setting up those fraud alerts yourself. Just contact the three major credit bureaus: Equifax, TransUnion, and Experian and they'll do it for you for free.)

On top of it all, LifeLock supposedly made claims about data security at its own company that the FTC says were false. After collecting sensitive data on customers, LifeLock did not encrypt its data and supposedly made the information easily accessible to anyone who wanted it. Thirty-five states joined the FTC in its complaint against LifeLock for deceptive claims.

The suit didn't last long, though—it was filed on March 8, and on March 9, LifeLock agreed to shell out $11 million to the FTC and $1 million to the attorneys general of the 35 states involved. The company has also agreed to stop misrepresenting its services as offering absolute prevention against identity theft, must establish a "comprehensive data security program," and is required to get independent third-party assessments of the program for 20 years.

Given the number of inquiries about LifeLock on our own forums, it's clear that the service managed to pique the curiosity of even some of the most savvy consumers. With the FTC's suit settled, the company seems set on moving forward with more transparency about what it can and can't do to protect users. As an ID-theft-obsessed consumer myself, I'd rather take measures to watch my info on my own than place my trust in a company that already has a somewhat shady past.

Listing image by Image courtesy TheTruthAbout