Forgot your password?
typodupeerror
Security IT

Lifelock Worries After Employee Data Leaked To Web 145

Posted by samzenpus
from the protect-that dept.
itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"
This discussion has been archived. No new comments can be posted.

Lifelock Worries After Employee Data Leaked To Web

Comments Filter:
  • Really now? (Score:5, Interesting)

    by Darkness404 (1287218) on Wednesday May 26, 2010 @11:05PM (#32357384)
    Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.
    • Re:Really now? (Score:5, Insightful)

      by Shakrai (717556) * on Wednesday May 26, 2010 @11:17PM (#32357458) Journal

      it might be helpful but its no substitute for common sense.

      Common sense would be banks requiring more information than an SSN and DOB from an internet connected computer before opening lines of credit. I watched someone apply for a line of credit with Citi online and receive a $15,000 account with no verification of his identity beyond the SSN/DOB match. What's wrong with that picture?

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        What's wrong with that picture?

        That you're making shit up?

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        However, on the flipside, there are privacy issues with giving personally identifiable data to a prime hacking target (like a major lending institution.)

        In order for them to validate a session as a legitimate person, they need personally identifiable data on that person. That means that they are warehousing such data, and in addition to being a target for wirefraud directly, they also become a target for identity theives of the highest order.

        Knowing a little bit about data security (and security in general

        • by biryokumaru (822262) <biryokumaru@gmail.com> on Thursday May 27, 2010 @12:09AM (#32357798)

          Right on, brother!

          This is exactly what I said when they first invented banks! I mean, anyone can just walk into one of those places with a fake ID and *bam* they've got all my money! That's why I keep all my money in gold Krugerrands in a shoe box under my...

          Hey now, I'm not gonna tell you where I keep my shoe box! Now get off my lawn, you wacko!

        • by Gr8Apes (679165)

          A simple mnemonic to think of when contemplating using the internet for something: Would trust handing that data to a total stranger on the street?

          And that's why I wish I could give 1 time card numbers to stores as well. Keeps them from tracking me too.

          Paranoid? Obviously not enough, I'm not AC.

        • Re:Really now? (Score:5, Insightful)

          by jonwil (467024) on Thursday May 27, 2010 @12:39AM (#32357978)

          When I opened my bank account (here in Australia) I had to go into the branch physically and sign up for it, including showing various forms of ID.

          The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

          They want to make getting a credit card as easy as possible.

          • by Kiel0 (1365383)
            Case in point, I took this idea to my neighbor around dinner-time this evening. Within 40 minutes I had places of birth, first car models owned, and the easiest was the ever-sacred maiden names. Now....what to buy???
            • by TJamieson (218336)

              Interestingly, the maiden name has lost its value in recent times. It used to be that the moment a woman got married, her maiden name all but vanished; these days, it seems the younger married woman prefers to use her maiden name as a new middle name.

              The maiden name was always a goofy "security" thing anyway; long before the internet, a little social engineering is all it took to glean a maiden name.

          • by Ihmhi (1206036)

            Where's the best place to start, then? Any advice for someone who is going to get their first CC this year? Should I get it from my bank, or somewhere else?

            • Re: (Score:3, Insightful)

              by sodul (833177)

              American Express is your friend.

              It took me over a year once I moved to the US to get a credit card. It took even longer for my wife since she had no SSN until a few years ago (yes you can live legally in the US for years and declare taxes without being allowed a SSN).

              There is a vicious circle: no credit history, you can't get a credit card ... but you need one to get a credit history. You also have the option of the prepaid credit card, where you have to loan the bank say $500 for a $500 line of credit.

              But

              • by Myopic (18616)

                Yes indeed, without a credit history you can't get a credit card, and without a credit card, you can't get a credit history. That is why nobody in the world has a credit card, right?

            • Find a local credit union. Bank and do your credit card with them.

              Mine lets me transfer money directly from my checking/savings to pay off my credit card. They've got automated bill paying (rent check gets mailed out mid-month for me, automatically.) and a bunch of other good stuff. All free.

              Seriously - credit card companies and banks are the spawn of satan. Find a good credit union.
            • by sjames (1099)

              Just get your name into the advertiser's databases. Soon enough, you will have credit card offers streaming in. So will your dog, cat, goldfish, and the deceased hamster you had when you were 5 years old.

              • by Ihmhi (1206036)

                So wait, the best way to get a credit card is to ignore actually sign up for all of those Limited Time Offers I've been ignoring all these years? DAMMIT!

                Well, it's a good thing that I never told them my e-mail address is i_have_mental_health_issues@yahoo.com and that I am HIGHLY interested in opening a new line of credit. Yes, very good thing, that.

          • by Z8 (1602647)

            The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

            Do you have any evidence of this? Because it also happens the other way around—the banks put up fake barriers to credit, and the government orders them to take them down due to fairness, anti-discrimination, etc.

          • The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

            Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!

            • Right - it is in a bank's best interest to lend their money to as many people as possible, with no verification of whether or not those people will ever be able to pay it back. Because you know, when you steal the bank's money, the bank wins!

              The banks borrow the money from the Federal Reserve (which creates it "out of thin air") at very low interest (currently nearly zero - but call it 2% to make some numbers come out nice later). Why do they accept and solicit deposits (on which they pay similarly low int

              • So for every thousand bux they borrow at nearly zero interest to fund this operation they make somewhere between $240 and over %500 per year.

                Typo: Make that $500.

          • by mattack2 (1165421)

            But people are also legally liable for $50 in unauthorized charges at most (though AFAIK, most card companies waive that too, as long as it's reported promptly). Also (this may be a state by state thing), merchants are unable to charge a fee for credit card use. (They can give a "cash discount", thus effectively the same thing -- but at least you pay the posted price with credit cards. I realize this also can be considered a bad thing from a merchant's point of view.)

            So at least for credit cards, it seem

        • Re:Really now? (Score:5, Interesting)

          by AK Marc (707885) on Thursday May 27, 2010 @12:46AM (#32358014)
          There are any number of ways that a bank could be compromised, and the data distributed. Unlike a password, or a username, or even a SSN, there is no way to change your mother's maiden name, etc.

          I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

          The fraud levels in the US are some of the highest in the world, and it's because the banks don't care. They make enough with the fraud and aren't held responsible for the actual harm they cause people when they put inaccurate information on credit reports.

          Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick. Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented. Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup.
          • Re: (Score:3, Interesting)

            by Moridineas (213502)

            I think your heart is in the right place, but I'm not sure your ideas make sense?

            I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

            God, I hope most banks don't rely on such weak security? The bank where I have my business account gave me a security token that I've got to use in addition to a username/password to login. Before I do anything major like account transfers or wires, I've got to use the security token again. Interactive Brokers trading offers security tokens as well though I haven't used theirs--I have a lookup page from them that serves the sam

            • by sjames (1099)

              That would be awesome. I'd set up an arrangement where my friends would steal my identity. They'd give whatever they got back to me, and we'd split the $100. Nobody would possibly take advantage of that system!

              Excellent! If the banks are that lax, they deserve to lose. Watch carefully though since they'll soon tighten up security and then your friends will get busted for fraud (and you for conspiracy). If the banks are actually doing what they should be, there can be no abuse of the oops fee. You'll know it's working when the detectives show up.

              • Absolutely that would be the proper outcome. My point is merely that ranting isn't enough, when you just randomly toss out ideas like this you have to consider the full consequences. It's Bastiat's seen and unseen.

                Some people like to think criminals are dumb. It's true that there are a lot of dumb criminals (and a lot of dumb people in general), but when it comes to financial fraud and millions of dollars, there are some smart people out there as well, and they're playing for keeps.

                Kind of funny how on slas

            • by AK Marc (707885)
              Are they really?

              Yes, the US is a location of a great amount of fraud.

              You CAN sue,

              I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With
              • Yes, the US is a location of a great amount of fraud.

                Yes, but that wasn't the question. Further data?

                I use the phrase "can sue" that holds meaning. Anyone can sue for any reason. You can sue your neighbor for not being home when you burned your house down. There doesn't need to be cause or standing to file paperwork. It will likely not make it past the first viewing by a judge, but anyone can sue for any reason. So "can" sue means to me that you'd get to a judgment with at least, say, a 25% chance of winning. With that definition, you can't sue.

                As I said, google it. If you don't find instances of succesful law suits in these situations, you're seeing different search results than I am!

                So? They send a form letter back with "on XXX date Joe Schiester stated that you were in default." And done. That's it. You have no recourse after that with the credit report agency if they contact Joe and he says it's true. At best, you can have an explanation attached to that item, but you can't get it off through the agency if the bad data was put on by someone who continues to claim it's correct. Please correct me if I'm wrong, but that's my understanding. At that point, you can sue the person that put it on, but not the agency itself.

                That's not true. If you send them proof that their source data is wrong, they HAVE to respond. Again, check out the Fair Credit Reporting Act.

                Why wait, do it now. Go charge up a bunch of crap on a friend's credit card. Have him report it stolen a couple hours later. Sell the crap on ebay. If you aren't doing that now, then you are a liar when you say you'd game the system. And the implication that it can be gamed is irrelevant to the assertion it would stop the practice.

                I'm a liar? Ok, you got me! Sheesh, I never understand how people can get so worked up in personal fashion on online conversations. People game the system right now, if you don't

                • by AK Marc (707885)
                  That's not true. If you send them proof that their source data is wrong, they HAVE to respond. Again, check out the Fair Credit Reporting Act.

                  It is true. You said nothing that contradicted me. And how do you prove that you don't owe money to someone you never met?

                  what specifically are banks doing wrong right now to encourage identity theft, and what specifically should they be doing differently?

                  I never said they encouraged it. Again, you are making up things. They are not taking steps to reduce it
          • by jittles (1613415)

            Are you sure people can't sue? I had Cingular (Now AT&T Wireless) put a fraudulent entry on my credit report. They even sent me to collections on a $0.00 balance. I wrote both the collections agency and AT&T and told them they had 2 business weeks to correct my credit report and cease collections attempts or I was going to sue them both for libel. Sure enough, two weeks later everything had been cleaned up.

            I'm certainly no expert but my guess is that's a record time for having a credit report fix

            • by AK Marc (707885)
              People can sue any time for any reason. I could sue you because you used my oxygen breathing. I'd lose, but I "can sue."

              In your case, you'd have lost such a suit (or, at bet won with no award of damages). For one, "fraud" requires they gain something. It also requires purpose. Accidentally doing it isn't fraud. Doing something that doesn't cause harm isn't fraud. And to sue, you'd need to prove actual damages. What damage did you receive? Libel also requires that it be published. If no one else r
        • IMHO, Banks should use a dedicated, private network that does NOT have ANY endpoints connected to the public internet for just this reason.

          Would there not be some point in transit between, say, a point-of-sale cardreader or an ATM, that could be similarly compromised? It wouldn't necessarily be easy, but where there's a will, there is a way. Even if every unit had it's own dedicated line from itself to the bank, those cables have to run somewhere, and you can't necessarily keep them under constant supervision. It might reduce the number of points of failure (as far as security mechanisms are concerned), but by no means would it eliminate the

        • by mlts (1038732) *

          I like the idea of a dedicated, private network. This is what a lot of companies used to have before they were called intranets.

          Maybe expand on this some, have it be a B2B backbone (BIPRnet, similar to NIPRnet and SIPRnet) where unless authorization is prearranged beforehand for one business's machines to communicate with another's, the switching fabric wouldn't allow the connection? This could be done even at a port level, so B2B E-mail via an Exchange connector at a custom port would go through, but som

      • by mlts (1038732) *

        Common sense would be banks offering either a hardware keyfob and/or an app for Android/iPhone/Win Mobile that gives secondary authentication, or confirmation of transactions like IBM's ZTIC.

        Or even better, a common standard, similar to RSA SecurID, so each bank doesn't have to have their own different, incompatible type of offline auth device.

        Having this would shift theft of accounts from just getting malware onto peoples' computers back to either attacking banks directly, or their patrons.

        • Re:Really now? (Score:4, Insightful)

          by rtfa-troll (1340807) on Thursday May 27, 2010 @01:48AM (#32358332)

          Putting these technical restrictions to regulation is a bad idea (though some limited minimum standards is probably good). I think you have to look at the difference between the credit card system and the bank account system. You'll probably find that there's more technical protection on your bank account access, but credit card fraud worries you less and causes you fewer problems. The reason for this is that the credit card fraud is pushed to the place which is able to verify the transaction and not just the account holder; the shop and the credit card system. The security is very dynamic. If you make a small transaction in a place near where you live, it will almost always go through. If you make a large transaction in Cambodia, soon after making one at home (unless, of course you are Cambodian, in which case the same argument applies, but in New York), the company will call you directly to your mobile phone and ask you to confirm the transaction.

          The reason this works like this (which is expensive) and works so well is simple. You are allowed to reverse the transactions if they aren't yours. This pushes the liability to the bank. If the same applied to bank accounts, that you could just reverse any transaction and the bank had to prove you were liable for it, suddenly bank fraud would be massively reduced, disappear completely as a consumer problem and the criminals trying it would be pursued to the ends of the earth.

        • Re: (Score:3, Informative)

          by iamweasel (1217570)

          That's what we have in Finland at least. First you have to physically go to the bank to identify yourself and then you get a login/password and a physical list of key-value pairs for online banking. When you start to run out of said keys you go get another list from the bank or order one through mail. Then you change the list using a value from the previous list and input the number of the new key list.

          In order to compromise in this system someone would have to have access both to my specific key list and m

          • Re: (Score:3, Interesting)

            by mlts (1038732) *

            Most of Europe has something like this, either a keyfob, or a TAN list.

            However, it a rare sight for an American bank to offer much if anything more than username/password protection. You might find a bank that asks a question from your challenge/response list, or asks you to select the answer on a random list, where the text is a bitmap (to help foil malware that doesn't have an OCR engine.) Anything more than that, good luck.

            What is ironic is that Blizzard offers a keyfob and/or an app for the iPhone and

        • Re: (Score:3, Interesting)

          by Ford Prefect (8777)

          What I have for my British Nationwide [nationwide.co.uk] account (a building society rather than a bank, but that's mainly semantics) is a small, calculator-lookalike card-reader that takes my ATM card and PIN and is used to sign any transactions or other significant operations involving money.

          Say I want to transfer money to a non-Nationwide account, I have to:

          Login by entering my customer number, passphrase and three randomly selected digits of a secret six-digit code,
          Set up the transfer, put my ATM card (with chip) into the

      • by sjames (1099)

        The real WTF is that if the account is opened fraudulently, the bank and credit agencies will spread nasty gossip (slander) about the actual person and try to collect the money from him. If (and only if) he challenges them on it, they will claim that the original fraudster committed a crime against him and that it is his problem. They will also claim that they are an innocent and uninvolved 3rd party to the crime.

    • Re:Really now? (Score:5, Insightful)

      by NotQuiteReal (608241) on Thursday May 27, 2010 @12:17AM (#32357848) Journal
      Yup - I've been anonymous on the Internet, since, well, since it was Darpanet, or uucp, or whatever it was. Call me paranoid, but even way back in the day, I always wondered, "why would I want anyone to know X, about me?"

      If you are writing me a check, I'll give you enough info so I can cash it, otherwise, meh. Even my cable bill has a misspelling in my name I have not corrected in 14 years.

      P.S. NotQuiteReal, is not my real name... Proud alias-using "lurker" on the Internet/Usenet since 1982 (or before...)
    • by lymond01 (314120)

      I assumed it wasn't about protecting yourself but the ability to pay someone to do it and get paid by them if they don't. Paying someone to be responsible for you, with the expectation of getting reimbursed and then some if they don't. Liability.

    • by oreaq (817314)

      Anyone who expects a service to 100% protect them from identity theft is an idiot.

      Identity Theft does not exist. No one can steal an identity. At least not with today's technology. Some bank gets scammed by somebody. The bank then recovers its loss by defrauding one of their customers. The solution to this "problem" is obvious.

    • by SkyDude (919251)

      Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.

      Sometimes they're not idiots. Some are just too trusting or are just plain unaware.

      My company often receives mail orders containing personal checks. Every year we see several who continue to allow their SSN to be printed on the check, along with the name, address and phone number. These folks are seniors (+70) and don't understand that the SSN is the key to the castle.

      In a few cases, I've sent a short letter explaining why they shouldn't do that, and a few have called and thanked me for the information. Oft

  • by Anonymous Coward
    need I say more?
  • In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

    so a service designed to protect your privacy is broken if it actively attempts to protect your privacy? I think this shows clearly that they got a proactive strategy to protect personal information.

    just because the CEO is willing to stick his chin out doesn't mean i trust him to stick MY chin out.

    • by thedohman (932417) on Thursday May 27, 2010 @12:00AM (#32357746)
      You are absolutely correct! They are doing exactly as I would expect the service to do. She got her info on a police report. The police department gave a media outlet the report in such a way that her personal information was exposed. LifeLock called the media outlet and asked to remove her data. There is no way anybody could have prevented the info from getting there in the first place... except maybe not giving the police department your SSN when reporting a crime happening to someone else.

      If I was a customer of theirs, and a police department did the same to me, then LifeLock is doing exactly as I would expect them to do, if they wanted to continue getting my monthly fee.

      However, Tamika is one of their own, and the police report was published in an article about them. I don't think they would even notice if it had happened to a regular customer and/or if it had not been an article concerning LifeLock.
  • by mysidia (191772) on Wednesday May 26, 2010 @11:09PM (#32357410)

    Not everyone reviews a credit report before issuing any type of credit.

    ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.

    Or the ID thief may employee social engineering and even defeat the 'fraud alert'

    Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.

    As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.

    Minor cost well worth the publicity.

    His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.

    As for other employees of the company.... they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft. They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.

    • by Shakrai (717556) * on Wednesday May 26, 2010 @11:19PM (#32357472) Journal

      no matter how many types of fraud alerts you put

      Better than a fraud alert is the security freeze [experian.com]. They won't open a new account if they can't see your credit report. The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.

      • Re: (Score:2, Informative)

        by mysidia (191772)

        I'll agree a security freeze is better.

        But a Credit card or Loan isn't the only type of account an ID thief can try to open fraudulently in a victim's name.

        They might try to open a checking account instead, which does not involve a CRA inquiry. Instead, the inquiry would go to CheXsystems or similar, which do not provide a 'security freeze' option

        The ID thief may also create a bogus instrument, such as a 'checkbook' of fake checks in victim's name.

        If the ID thief is up to title fraud, they also ma

      • That's what my wife and I did to our credit after my identity was stolen. It was a slight hassle when I needed to buy a new car. I had to thaw our credit for a small time frame. Still, that slight hassle is nothing compared with the hassle of repairing a stolen identity. Of course, the credit agencies don't like security freezes. They make their money off of selling your data to other companies and they can't sell frozen accounts. They'd much rather you put a next-to-useless fraud alert on your accoun

        • by hedwards (940851)
          Why it is that we allow them to think that they own that information is beyond me. The information belongs to the person to which it applies. I should have complete control over how it's used and who gets to see it. There certainly shouldn't be anybody looking at it without my requesting a product or service which requires a credit check. But I'm sure the ZOMG corporations being held accountable people will tell me that it's completely my fault if they lose my personal information like TD Ameritrade did. Be
      • The problem with doing a security freeze on your account is that many places will charge you a fee every time they have to un-freeze it to run your credit when you DO authorize it.

        Like you say, it's probably fine if you have no intentions of applying for any credit or loans for quite a while. But it gets annoying when, say, a person decides to buy a new car and finds out they're hit with a $25 charge just so the dealership can verify they're a good credit risk.

      • by Lehk228 (705449)
        The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.


        in which case identity theives can't very well trash your credit when you have already done the job for them
  • Cringely... (Score:4, Informative)

    by Anonymous Coward on Wednesday May 26, 2010 @11:22PM (#32357480)

    http://www.cringely.com/2010/05/lifeblocked/

  • Their service must not actually be trying to prevent identity theft, but trying to keep you from knowing when it happens.
    • by fluffy99 (870997)

      Their service must not actually be trying to prevent identity theft, but trying to keep you from knowing when it happens.

      Close. When they see something they clean it up and then tell the customer they blocked the attempt, so the customer thinks they got their money's worth.

  • Ya, You Betcha (Score:3, Interesting)

    by MightyMartian (840721) on Wednesday May 26, 2010 @11:23PM (#32357492) Journal

    ... 'I think this shows clearly that they know that it's got potential problems.'

    What it shows clearly is that Lifelock is worthless, except at taking money from morons.

  • by ksemlerK (610016) <kurtsemler@@@gmail...com> on Wednesday May 26, 2010 @11:33PM (#32357586) Homepage
    ...Freeze your credit reports.

    EQUIFAX Online Help: How to place a security freeze [equifax.com]

    Experian Online Help: Security Freeze [experian.com]

    TransUnion Personal: Security Freeze [transunion.com]

    Problem solved, and you're not paying $9.95 a month for a service you can easily perform yourself that is far more effective then what any of these supposed "Identity protection" companies offer.
    • by Ron Bennett (14590) on Wednesday May 26, 2010 @11:51PM (#32357694) Homepage

      Freezing often costs money. And each of those credit bureau charges separately. Could cost one upwards of $30 to place a freeze at all three.

      The hassles of "freezing" along with the fees to do so, is another illustration of the financial system being crooked; not designed to protect people, but rather to make credit as easy to obtain as possible with little regard to security.

      Ron

      • by ksemlerK (610016)
        That's $30 for a protection for life, (until you lift the freeze), versus $120/yr for nothing then a company placing fraud alerts on your credit report for you. I know which one I choose.
        • by AK Marc (707885) on Thursday May 27, 2010 @12:33AM (#32357950)
          That's $30 for a protection for life,

          Protection from what? Banks that blame a 3rd party every time they get robbed? This is no different than if a robber walks into a bank with a deposit slip from your account, writes "give me $10,000" on it, and robs the bank at gun point. Then, when the bank notices that it has your name on the deposit slip, they take it out of your account without your knowledge or permission, even when they know for sure you weren't the robber.

          Banks are stealing from their customers when they are robbed. When "identity theft" is treated as it really is, simple fraud, then the world will be a better place. If Congress had balls (and they don't have balls, just pockets with checks in them from the banks), they'd pass a law where every contact with a customer because of a fraudulent account opened by a 3rd party earned them a $100 fine to be paid to the customer, they'd figure out security pretty damn quick. Instead, it's cheaper to screw the lives of their customers (or often, even non customers) because they are too cheap and lazy to have actual security.

          "Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.
          • by jittles (1613415)

            If Congress had balls (and they don't have balls, just pockets with checks in them from the banks)...

            The beauty of it all is that the bank wrote that check on your account!

          • "Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.

            Here's the obligatory Mitchell and Webb clip [youtube.com]:

        • $30 for life? Not exactly, because "until you lift the freeze" often involves a fee too (and possibly an additional fee to put the freeze back on), which too can be upwards of $10 for each credit bureau.

          Still, even with the added "lift freeze" fees, for most people, you're right that it's cheaper to skip LifeLock and do-it-yourself.

          Ron

          • Re: (Score:2, Informative)

            by ksemlerK (610016)
            Unless it is a mortgage, or another purchase in excess of $50000, the credit granter will typically only check with one bureau. Inquire about which bureau they are checking with, so you don't end up spending unnecessary money. It usually only takes 15 minutes to unfreeze a credit line, so place the call, and go have a cigarette. By the time that you come back in, it will be open, and they can run the credit score. After you are approved for the loan, place another call, and freeze your credit score agai
  • If it sounds to good to be true...

    Who honestly thought that with this service they were "untouchable"? Seriously....

    • by hedwards (940851)
      Sigh, I'm not sure where that rumor got started. They don't claim to be untouchable otherwise why would they be advertising an insurance policy included with service? They pay the first I think it's 2 million of fraudulent activities if they're unable to get it fixed so that you aren't charged for them. I doubt very much that they'd include that if they were really untouchable. Not saying that I trust them or use them, but we should at least be telling the truth about it.
  • by Chas (5144) on Wednesday May 26, 2010 @11:43PM (#32357654) Homepage Journal

    No. At this point, potential has surpassed threshold and achieved REAL problem status.

    Anyhoo, Lifelock is a scam. Plain and simple.
    They'll take your money right enough, but they really can't deliver on their promises to protect you and your information.
    They're like insurance salesmen. They're simply trying for quantity and trying to live on margins, hoping that they don't get hit big by some massive info theft that they can't cover up or make disappear.
    Once they get a breach of a truly significant portion of their customer's data, expect to see them fold up shop like all the old fly-by-night insurance salesmen in the Depression.

  • Police fucked up. Let's get with the /. flaming the private sector.
    • Why is parent Interesting? Even for those without access to the IP log, Redundant would be more appropriate, given the number of time this same comment has been splattered all over Slashdot.
  • by logjon (1411219) on Thursday May 27, 2010 @12:45AM (#32358006)
    Where is that story? Oh, lifelock is an easier target. I understand.
    • When astroturfing, at least do it from home, so that people don't see your account attached to a Livelock IP address. Moron.

      The report was redacted just fine (image editing, rather than just "covering up" the redacted info using a different layer)

  • by josepha48 (13953)
    I've noticed everyone says lifelock is a scam. Well they caught the fact that the information was exposed! It is a start. The question is will they catch anyone who tries to use the ssn and birth date and other information to steal her identity?

    One thing people here should think about, is that the owner is ok with putting out his info, but maybe an employee does not want to always have to have that lingering thought of what if. I know I wouldn't if it were me.

    Having never used lifelock and I doubt anyo

  • Did they remove it, or did they simply redact it from the web version of the article?

    If newspapers are to retain their place as the writers of the first-draft of history, then they should firmly refuse any revision of an article, once published, even electronically.
  • Are public information. They shouldn't be able to have it taken down, even with a personal visit from their CEO in his billboard truck.

There is no royal road to geometry. -- Euclid

Working...