Lifelock Worries After Employee Data Leaked To Web 145
itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"
Really now? (Score:5, Interesting)
Re:Really now? (Score:5, Insightful)
it might be helpful but its no substitute for common sense.
Common sense would be banks requiring more information than an SSN and DOB from an internet connected computer before opening lines of credit. I watched someone apply for a line of credit with Citi online and receive a $15,000 account with no verification of his identity beyond the SSN/DOB match. What's wrong with that picture?
Re: (Score:1, Insightful)
That you're making shit up?
Re: (Score:2, Interesting)
However, on the flipside, there are privacy issues with giving personally identifiable data to a prime hacking target (like a major lending institution.)
In order for them to validate a session as a legitimate person, they need personally identifiable data on that person. That means that they are warehousing such data, and in addition to being a target for wirefraud directly, they also become a target for identity theives of the highest order.
Knowing a little bit about data security (and security in general
Re:Really now? (Score:5, Funny)
Right on, brother!
This is exactly what I said when they first invented banks! I mean, anyone can just walk into one of those places with a fake ID and *bam* they've got all my money! That's why I keep all my money in gold Krugerrands in a shoe box under my...
Hey now, I'm not gonna tell you where I keep my shoe box! Now get off my lawn, you wacko!
Re: (Score:2)
A simple mnemonic to think of when contemplating using the internet for something: Would trust handing that data to a total stranger on the street?
And that's why I wish I could give 1 time card numbers to stores as well. Keeps them from tracking me too.
Paranoid? Obviously not enough, I'm not AC.
Re:Really now? (Score:5, Insightful)
When I opened my bank account (here in Australia) I had to go into the branch physically and sign up for it, including showing various forms of ID.
The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.
They want to make getting a credit card as easy as possible.
Re: (Score:1)
Re: (Score:2)
Interestingly, the maiden name has lost its value in recent times. It used to be that the moment a woman got married, her maiden name all but vanished; these days, it seems the younger married woman prefers to use her maiden name as a new middle name.
The maiden name was always a goofy "security" thing anyway; long before the internet, a little social engineering is all it took to glean a maiden name.
Re: (Score:2)
Where's the best place to start, then? Any advice for someone who is going to get their first CC this year? Should I get it from my bank, or somewhere else?
Re: (Score:3, Insightful)
American Express is your friend.
It took me over a year once I moved to the US to get a credit card. It took even longer for my wife since she had no SSN until a few years ago (yes you can live legally in the US for years and declare taxes without being allowed a SSN).
There is a vicious circle: no credit history, you can't get a credit card ... but you need one to get a credit history. You also have the option of the prepaid credit card, where you have to loan the bank say $500 for a $500 line of credit.
But
Re: (Score:2)
Yes indeed, without a credit history you can't get a credit card, and without a credit card, you can't get a credit history. That is why nobody in the world has a credit card, right?
Re: (Score:2)
Mine lets me transfer money directly from my checking/savings to pay off my credit card. They've got automated bill paying (rent check gets mailed out mid-month for me, automatically.) and a bunch of other good stuff. All free.
Seriously - credit card companies and banks are the spawn of satan. Find a good credit union.
Re: (Score:2)
Just get your name into the advertiser's databases. Soon enough, you will have credit card offers streaming in. So will your dog, cat, goldfish, and the deceased hamster you had when you were 5 years old.
Re: (Score:2)
So wait, the best way to get a credit card is to ignore actually sign up for all of those Limited Time Offers I've been ignoring all these years? DAMMIT!
Well, it's a good thing that I never told them my e-mail address is i_have_mental_health_issues@yahoo.com and that I am HIGHLY interested in opening a new line of credit. Yes, very good thing, that.
Re: (Score:2)
Do you have any evidence of this? Because it also happens the other way around—the banks put up fake barriers to credit, and the government orders them to take them down due to fairness, anti-discrimination, etc.
Re: (Score:2)
The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.
Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!
Re: (Score:2)
Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!
The banks borrow the money from the Federal Reserve (which creates it "out of thin air") at very low interest (currently nearly zero - but call it 2% to make some numbers come out nice later). Why do they accept and solicit deposits (on which they pay similarly low int
Re: (Score:2)
So for every thousand bux they borrow at nearly zero interest to fund this operation they make somewhere between $240 and over %500 per year.
Typo: Make that $500.
Re: (Score:2)
But people are also legally liable for $50 in unauthorized charges at most (though AFAIK, most card companies waive that too, as long as it's reported promptly). Also (this may be a state by state thing), merchants are unable to charge a fee for credit card use. (They can give a "cash discount", thus effectively the same thing -- but at least you pay the posted price with credit cards. I realize this also can be considered a bad thing from a merchant's point of view.)
So at least for credit cards, it seem
Re:Really now? (Score:5, Interesting)
I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.
The fraud levels in the US are some of the highest in the world, and it's because the banks don't care. They make enough with the fraud and aren't held responsible for the actual harm they cause people when they put inaccurate information on credit reports.
Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick. Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented. Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup.
Re: (Score:3, Interesting)
I think your heart is in the right place, but I'm not sure your ideas make sense?
I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.
God, I hope most banks don't rely on such weak security? The bank where I have my business account gave me a security token that I've got to use in addition to a username/password to login. Before I do anything major like account transfers or wires, I've got to use the security token again. Interactive Brokers trading offers security tokens as well though I haven't used theirs--I have a lookup page from them that serves the sam
Re: (Score:2)
That would be awesome. I'd set up an arrangement where my friends would steal my identity. They'd give whatever they got back to me, and we'd split the $100. Nobody would possibly take advantage of that system!
Excellent! If the banks are that lax, they deserve to lose. Watch carefully though since they'll soon tighten up security and then your friends will get busted for fraud (and you for conspiracy). If the banks are actually doing what they should be, there can be no abuse of the oops fee. You'll know it's working when the detectives show up.
Re: (Score:2)
Absolutely that would be the proper outcome. My point is merely that ranting isn't enough, when you just randomly toss out ideas like this you have to consider the full consequences. It's Bastiat's seen and unseen.
Some people like to think criminals are dumb. It's true that there are a lot of dumb criminals (and a lot of dumb people in general), but when it comes to financial fraud and millions of dollars, there are some smart people out there as well, and they're playing for keeps.
Kind of funny how on slas
Re: (Score:2)
Yes, the US is a location of a great amount of fraud.
You CAN sue,
I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With
Re: (Score:2)
Yes, the US is a location of a great amount of fraud.
Yes, but that wasn't the question. Further data?
I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With that definition, you can't sue.
As I said, google it. If you don't find instances of succesful law suits in these situations, you're seeing different search results than I am!
So? They send a form letter back with "on XXX date Joe Schiester stated that you were in default." And done. That's it. You have no recourse after that with the credit report agency if they contact Joe and he says it's true. At best, you can have an explanation attached to that item, but you can't get it off through the agency if the bad data was put on by someone who continues to claim it's correct. Please correct me if I'm wrong, but that's my understanding. At that point, you can sue the person that put it on, but not the agency itself.
That's not true. If you send them proof that their source data is wrong, they HAVE to respond. Again, check out the Fair Credit Reporting Act.
Why wait, do it now. Go charge up a bunch of crap on a friend's credit card. Have him report it stolen a couple hours later. Sell the crap on ebay. If you aren't doing that now, then you are a liar when you say you'd game the system. And the implication that it can be gamed is irrelevant to the assertion it would stop the practice.
I'm a liar? Ok, you got me! Sheesh, I never understand how people can get so worked up in personal fashion on online conversations. People game the system right now, if you don't
Re: (Score:2)
It is true. You said nothing that contradicted me. And how do you prove that you don't owe money to someone you never met?
what specifically are banks doing wrong right now to encourage identity theft, and what specifically should they be doing differently?
I never said they encouraged it. Again, you are making up things. They are not taking steps to reduce it
Re: (Score:2)
Are you sure people can't sue? I had Cingular (Now AT&T Wireless) put a fraudulent entry on my credit report. They even sent me to collections on a $0.00 balance. I wrote both the collections agency and AT&T and told them they had 2 business weeks to correct my credit report and cease collections attempts or I was going to sue them both for libel. Sure enough, two weeks later everything had been cleaned up.
I'm certainly no expert but my guess is that's a record time for having a credit report fix
Re: (Score:2)
In your case, you'd have lost such a suit (or, at bet won with no award of damages). For one, "fraud" requires they gain something. It also requires purpose. Accidentally doing it isn't fraud. Doing something that doesn't cause harm isn't fraud. And to sue, you'd need to prove actual damages. What damage did you receive? Libel also requires that it be published. If no one else r
Re: (Score:2)
IMHO, Banks should use a dedicated, private network that does NOT have ANY endpoints connected to the public internet for just this reason.
Would there not be some point in transit between, say, a point-of-sale cardreader or an ATM, that could be similarly compromised? It wouldn't necessarily be easy, but where there's a will, there is a way. Even if every unit had it's own dedicated line from itself to the bank, those cables have to run somewhere, and you can't necessarily keep them under constant supervision. It might reduce the number of points of failure (as far as security mechanisms are concerned), but by no means would it eliminate the
Re: (Score:2)
I like the idea of a dedicated, private network. This is what a lot of companies used to have before they were called intranets.
Maybe expand on this some, have it be a B2B backbone (BIPRnet, similar to NIPRnet and SIPRnet) where unless authorization is prearranged beforehand for one business's machines to communicate with another's, the switching fabric wouldn't allow the connection? This could be done even at a port level, so B2B E-mail via an Exchange connector at a custom port would go through, but som
Re: (Score:1, Informative)
No. Actually it went more like this:
Police fucked up redacting a public record when they made it public. The Lifelock employee was made aware of the screw up via a web site which reported the fuck up (and NOT by Lifelock), otherwise, the employee would still be clueless as to why she was getting her identity anally raped hundreds of times a day, despite the (hopefully free) Lifelock "protection" she has signed up for. The Lifelock employee made her superiors aware of this, and probably asked what they could
Re: (Score:1)
Re: (Score:2)
Really nice straw man. The real story is that the police are releasing this data
No, they aren't. They released a properly redacted document, with all info that could be used by an identity thief properly covered up.
and that lifelock can't be expected to watch the entire internet 24/7
... and yet, they expect their customers to pay $10 / month for exactly this "service".
but they're catching blame from this anyway somehow.
... because they're selling snake oil, then are caught red-handed trying to censor the news, and finally spin their censorship as just protecting their employee's id data (which was never actually exposed in the police report).
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
But in this case, police actually did just fine, by putting the rectangles right into the image, rather than adding them as an (easily removed) additional layer into the PDF.
So why is Livelock fighting this then, if it didn't actually expose the employees data?
Easy: because
Re: (Score:3, Informative)
You sir, are incorrect. The original PDF [wired.com] from the police department (which was copied by and is still being hosted on Wired.com's website with their follow-up article [wired.com]) has a layer of black 'redaction' blocks, but all the personal data is still there and can be cut-and-pasted.
The reporter sanitized the PDF for the cops by printing it, scanning it, and making another PDF (I would have just raster printed it direct to another PDF file), and replaced the original on the web site with the new one.
Re: (Score:2)
Common sense would be banks offering either a hardware keyfob and/or an app for Android/iPhone/Win Mobile that gives secondary authentication, or confirmation of transactions like IBM's ZTIC.
Or even better, a common standard, similar to RSA SecurID, so each bank doesn't have to have their own different, incompatible type of offline auth device.
Having this would shift theft of accounts from just getting malware onto peoples' computers back to either attacking banks directly, or their patrons.
Re:Really now? (Score:4, Insightful)
Putting these technical restrictions to regulation is a bad idea (though some limited minimum standards is probably good). I think you have to look at the difference between the credit card system and the bank account system. You'll probably find that there's more technical protection on your bank account access, but credit card fraud worries you less and causes you fewer problems. The reason for this is that the credit card fraud is pushed to the place which is able to verify the transaction and not just the account holder; the shop and the credit card system. The security is very dynamic. If you make a small transaction in a place near where you live, it will almost always go through. If you make a large transaction in Cambodia, soon after making one at home (unless, of course you are Cambodian, in which case the same argument applies, but in New York), the company will call you directly to your mobile phone and ask you to confirm the transaction.
The reason this works like this (which is expensive) and works so well is simple. You are allowed to reverse the transactions if they aren't yours. This pushes the liability to the bank. If the same applied to bank accounts, that you could just reverse any transaction and the bank had to prove you were liable for it, suddenly bank fraud would be massively reduced, disappear completely as a consumer problem and the criminals trying it would be pursued to the ends of the earth.
Re: (Score:3, Informative)
That's what we have in Finland at least. First you have to physically go to the bank to identify yourself and then you get a login/password and a physical list of key-value pairs for online banking. When you start to run out of said keys you go get another list from the bank or order one through mail. Then you change the list using a value from the previous list and input the number of the new key list.
In order to compromise in this system someone would have to have access both to my specific key list and m
Re: (Score:3, Interesting)
Most of Europe has something like this, either a keyfob, or a TAN list.
However, it a rare sight for an American bank to offer much if anything more than username/password protection. You might find a bank that asks a question from your challenge/response list, or asks you to select the answer on a random list, where the text is a bitmap (to help foil malware that doesn't have an OCR engine.) Anything more than that, good luck.
What is ironic is that Blizzard offers a keyfob and/or an app for the iPhone and
Re: (Score:3, Interesting)
What I have for my British Nationwide [nationwide.co.uk] account (a building society rather than a bank, but that's mainly semantics) is a small, calculator-lookalike card-reader that takes my ATM card and PIN and is used to sign any transactions or other significant operations involving money.
Say I want to transfer money to a non-Nationwide account, I have to:
Login by entering my customer number, passphrase and three randomly selected digits of a secret six-digit code,
Set up the transfer, put my ATM card (with chip) into the
Re: (Score:2)
The real WTF is that if the account is opened fraudulently, the bank and credit agencies will spread nasty gossip (slander) about the actual person and try to collect the money from him. If (and only if) he challenges them on it, they will claim that the original fraudster committed a crime against him and that it is his problem. They will also claim that they are an innocent and uninvolved 3rd party to the crime.
Re:Really now? (Score:5, Insightful)
If you are writing me a check, I'll give you enough info so I can cash it, otherwise, meh. Even my cable bill has a misspelling in my name I have not corrected in 14 years.
P.S. NotQuiteReal, is not my real name... Proud alias-using "lurker" on the Internet/Usenet since 1982 (or before...)
Re: (Score:2)
Re: (Score:2)
We know who you are, Jack.
Right. As if you care.
Re: (Score:1)
I don't know about where you live but in my country creating a fake ID is a serious crime.
Re: (Score:2)
I'd say if anyone calls you on it, claim "equal protection".
Re: (Score:2)
I assumed it wasn't about protecting yourself but the ability to pay someone to do it and get paid by them if they don't. Paying someone to be responsible for you, with the expectation of getting reimbursed and then some if they don't. Liability.
Re: (Score:1)
Anyone who expects a service to 100% protect them from identity theft is an idiot.
Identity Theft does not exist. No one can steal an identity. At least not with today's technology. Some bank gets scammed by somebody. The bank then recovers its loss by defrauding one of their customers. The solution to this "problem" is obvious.
Re: (Score:2)
Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.
Sometimes they're not idiots. Some are just too trusting or are just plain unaware.
My company often receives mail orders containing personal checks. Every year we see several who continue to allow their SSN to be printed on the check, along with the name, address and phone number. These folks are seniors (+70) and don't understand that the SSN is the key to the castle.
In a few cases, I've sent a short letter explaining why they shouldn't do that, and a few have called and thanked me for the information. Oft
Re: (Score:2)
I thought that was your SSN, user 666.
worthless (Score:1)
how is this a sign of potential problems? (Score:2, Insightful)
In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"
so a service designed to protect your privacy is broken if it actively attempts to protect your privacy? I think this shows clearly that they got a proactive strategy to protect personal information.
just because the CEO is willing to stick his chin out doesn't mean i trust him to stick MY chin out.
Re:how is this a sign of potential problems? (Score:5, Insightful)
If I was a customer of theirs, and a police department did the same to me, then LifeLock is doing exactly as I would expect them to do, if they wanted to continue getting my monthly fee.
However, Tamika is one of their own, and the police report was published in an article about them. I don't think they would even notice if it had happened to a regular customer and/or if it had not been an article concerning LifeLock.
Re: (Score:2)
Fraud Alert != Fraud Immunity (Score:5, Informative)
Not everyone reviews a credit report before issuing any type of credit.
ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.
Or the ID thief may employee social engineering and even defeat the 'fraud alert'
Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.
As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.
Minor cost well worth the publicity.
His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.
As for other employees of the company.... they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft. They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.
Re:Fraud Alert != Fraud Immunity (Score:5, Informative)
no matter how many types of fraud alerts you put
Better than a fraud alert is the security freeze [experian.com]. They won't open a new account if they can't see your credit report. The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.
Re: (Score:2, Informative)
I'll agree a security freeze is better.
But a Credit card or Loan isn't the only type of account an ID thief can try to open fraudulently in a victim's name.
They might try to open a checking account instead, which does not involve a CRA inquiry. Instead, the inquiry would go to CheXsystems or similar, which do not provide a 'security freeze' option
The ID thief may also create a bogus instrument, such as a 'checkbook' of fake checks in victim's name.
If the ID thief is up to title fraud, they also ma
Re: (Score:2)
That's what my wife and I did to our credit after my identity was stolen. It was a slight hassle when I needed to buy a new car. I had to thaw our credit for a small time frame. Still, that slight hassle is nothing compared with the hassle of repairing a stolen identity. Of course, the credit agencies don't like security freezes. They make their money off of selling your data to other companies and they can't sell frozen accounts. They'd much rather you put a next-to-useless fraud alert on your accoun
Re: (Score:2)
re: security freeze and downsides (Score:2)
The problem with doing a security freeze on your account is that many places will charge you a fee every time they have to un-freeze it to run your credit when you DO authorize it.
Like you say, it's probably fine if you have no intentions of applying for any credit or loans for quite a while. But it gets annoying when, say, a person decides to buy a new car and finds out they're hit with a $25 charge just so the dealership can verify they're a good credit risk.
Re: (Score:2)
in which case identity theives can't very well trash your credit when you have already done the job for them
Cringely... (Score:4, Informative)
http://www.cringely.com/2010/05/lifeblocked/
So that's how it works (Score:2)
Re: (Score:2)
Their service must not actually be trying to prevent identity theft, but trying to keep you from knowing when it happens.
Close. When they see something they clean it up and then tell the customer they blocked the attempt, so the customer thinks they got their money's worth.
Ya, You Betcha (Score:3, Interesting)
What it shows clearly is that Lifelock is worthless, except at taking money from morons.
Re:Ya, You Betcha (Score:4, Funny)
Exactly. I've been waiting for this story ever since I laughed at their first commercial.
If you really want protection (Score:5, Interesting)
EQUIFAX Online Help: How to place a security freeze [equifax.com]
Experian Online Help: Security Freeze [experian.com]
TransUnion Personal: Security Freeze [transunion.com]
Problem solved, and you're not paying $9.95 a month for a service you can easily perform yourself that is far more effective then what any of these supposed "Identity protection" companies offer.
Re:If you really want protection (Score:5, Informative)
Freezing often costs money. And each of those credit bureau charges separately. Could cost one upwards of $30 to place a freeze at all three.
The hassles of "freezing" along with the fees to do so, is another illustration of the financial system being crooked; not designed to protect people, but rather to make credit as easy to obtain as possible with little regard to security.
Ron
Re: (Score:1)
Re:If you really want protection (Score:5, Insightful)
Protection from what? Banks that blame a 3rd party every time they get robbed? This is no different than if a robber walks into a bank with a deposit slip from your account, writes "give me $10,000" on it, and robs the bank at gun point. Then, when the bank notices that it has your name on the deposit slip, they take it out of your account without your knowledge or permission, even when they know for sure you weren't the robber.
Banks are stealing from their customers when they are robbed. When "identity theft" is treated as it really is, simple fraud, then the world will be a better place. If Congress had balls (and they don't have balls, just pockets with checks in them from the banks), they'd pass a law where every contact with a customer because of a fraudulent account opened by a 3rd party earned them a $100 fine to be paid to the customer, they'd figure out security pretty damn quick. Instead, it's cheaper to screw the lives of their customers (or often, even non customers) because they are too cheap and lazy to have actual security.
"Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.
Re: (Score:2)
If Congress had balls (and they don't have balls, just pockets with checks in them from the banks)...
The beauty of it all is that the bank wrote that check on your account!
Re: (Score:2)
"Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.
Here's the obligatory Mitchell and Webb clip [youtube.com]:
Re: (Score:2)
$30 for life? Not exactly, because "until you lift the freeze" often involves a fee too (and possibly an additional fee to put the freeze back on), which too can be upwards of $10 for each credit bureau.
Still, even with the added "lift freeze" fees, for most people, you're right that it's cheaper to skip LifeLock and do-it-yourself.
Ron
Re: (Score:2, Informative)
Smoking something? (Score:1)
If it sounds to good to be true...
Who honestly thought that with this service they were "untouchable"? Seriously....
Re: (Score:2)
POTENTIAL problems? (Score:4, Insightful)
No. At this point, potential has surpassed threshold and achieved REAL problem status.
Anyhoo, Lifelock is a scam. Plain and simple.
They'll take your money right enough, but they really can't deliver on their promises to protect you and your information.
They're like insurance salesmen. They're simply trying for quantity and trying to live on margins, hoping that they don't get hit big by some massive info theft that they can't cover up or make disappear.
Once they get a breach of a truly significant portion of their customer's data, expect to see them fold up shop like all the old fly-by-night insurance salesmen in the Depression.
Re:POTENTIAL problems? (Score:4, Insightful)
Re:POTENTIAL problems? (Score:4, Funny)
http://computer.howstuffworks.com/windows-vista.htm [howstuffworks.com]
Oh Really?
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
So which companies are not scammers? Or are they all the same?
Re: (Score:2)
Uhh yeah, insurance is all a big scam that only morons buy into. No insurance company has ever paid out a claim and all that paperwork is just lies. Fortunately here at Slashdot we are too smart to be tricked into buying insurance. House fires and auto accidents are more lies by the megacorps/policitians
Re: (Score:2)
Bullshit sensationalism (Score:1, Redundant)
Re: (Score:2)
Police fail to properly redact data (Score:5, Informative)
Re: (Score:2)
The report was redacted just fine (image editing, rather than just "covering up" the redacted info using a different layer)
tmi (Score:2)
One thing people here should think about, is that the owner is ok with putting out his info, but maybe an employee does not want to always have to have that lingering thought of what if. I know I wouldn't if it were me.
Having never used lifelock and I doubt anyo
Orwell? (Score:2)
If newspapers are to retain their place as the writers of the first-draft of history, then they should firmly refuse any revision of an article, once published, even electronically.
Police reports (Score:2)
Are public information. They shouldn't be able to have it taken down, even with a personal visit from their CEO in his billboard truck.
Re:No different than the DNC registery (Score:5, Informative)
It puts a "fraud alert" on your accounts and renews it every 90 days or however long they last for. Something you can easily do yourself for free. Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.
Re:No different than the DNC registery (Score:4, Informative)
Not entirely true. It theoretically requires banks, lenders, etc do some work before opening a new account. In practice, they usually skip this step. Trust me, I know from experience. I opened a new bank account while I had a fraud alert on my files, yet I was never contacted to confirm that I indeed opened that account. When I pressed the credit reporting agencies on it, I was told that the fraud alert system is more of a "best practice" type of thing, and that companies were in no way obligated to actually follow the guidelines.
Re:No different than the DNC registery (Score:5, Interesting)
With fraud alerts, banks/lenders/etc are recommended to do some verification work, but they aren't *required* to do so. Some institutions might skip the verification and thus allow more ID theft to go on. Better to freeze your credit entirely. It costs some money to place, thaw and remove (how much depends on your state and whether or not you've been a victim of ID theft), but it is definitely worthwhile. As a bonus, since credit card companies can't see your credit information, they won't "pre-approve" you for credit cards and send those blank forms which then need to be shredded lest some ID thief steal them.
Of course, the credit agencies hate security freezes. They want you to place fraud alerts because they can still sell your credit information and you can still sign up for store credit cards on the fly. That's why their lobbyists will fight any bill that promises to make security freezes less expensive or easier to obtain.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Do I get mega-win for being the first commenter (as 'BootyFooz') in the original article [phoenixnewtimes.com] to point out the flawed PDF 'blackouts', revealing SSN, drivers license, and DOB info for both the CEO and the other Lifelock employee?!
The Lifelock thing is clearly a scam founded by a guy who was already lifetime-banned from the credit repair industry. The only thing they did was use robo-dialers to call one credit reporting agency to set fraud alerts on subscribers's credit reports, and when the credit reporting agen