Is LifeLock a Scam? 

If you’re thinking of using LifeLock, you need to know: Is LifeLock a scam? 

Below, we explain whether LifeLock is a scam and discuss some steps you can take to improve your safety when using this identity theft protection service. 

What Is LifeLock?

LifeLock is a subscription-based identity theft protection service.

It monitors your personal data and sends you notifications if it spots any suspicious activity, such as changes to your credit file. 

In the event of identity theft, it provides restoration support. 

The exact features you get depend on which plan you choose. 

LifeLock is now known as Norton LifeLock and is part of Gen Digital. 

Is LifeLock a Scam?

No, LifeLock is not a scam. It’s a well-known identity theft protection service provider. 

It’s been reviewed by major third-party publications and review sites, including:

• NerdWallet. 
• U.S. News (which gave LifeLock a rating of 4.3 out of 5.0 stars). 
• CNET (which is “CNET’s choice for the identity theft protection service with the best monitoring features”). 
• TechRadar (4.0 out of 5.0 stars). 
• Business Insider (3.12 out of 5.0 stars).
• SafeWise (3.0 out of 5.0 stars). 

User reviews of LifeLock are mixed:

• 1.2 out of 5.0 stars (from 2,706 reviews) on ConsumerAffairs.
• 1.4 out of 5.0 stars (from 32 reviews) on Sitejabber. 
• 4.8 out of 5.0 stars (from 8,009 reviews) on Trustpilot.
• 2.2 out of 5.0 stars (from 105 reviews) on PissedConsumer.

Negative reviews mention poor customer support, billing issues, unexpected auto-renewals, login failures, misleading pricing and communication, and ineffective protection (e.g., “nonsense” notifications). 

On internet forums like Reddit, people report varying experiences.

For example, one person recounted how LifeLock failed to notify their co-worker about major legitimate credit activity that should’ve triggered alerts: “My coworker got it when she was getting a divorce and was afraid her ex would try to open new credit with her SSN. She bought a car and a house and didn’t get any notifications from LifeLock about the credit hits. It was completely worthless.”

On the other hand, another person said that though they don’t use LifeLock personally, their mother does, and in her case, it worked well. 

They said: “I don’t personally have it but my mom does and it has caught a couple instances of people trying to open credit cards in her name or with her social security number and they resolved everything for her easily. I guess it really depends on you and your situation. I stay on top of my credit, she doesn’t really check hers so this service does it for her.”

Internet users also mention LifeLock’s marketing stunt where, to demonstrate confidence in his company’s identity theft protection services, the CEO, Todd Davis, published his Social Security number (SSN) on billboards, in commercials, and on the company’s website. 

With this bold move, the company aimed to demonstrate that LifeLock could protect customers even if their SSNs were exposed.

However, it backfired. 

Davis’s identity was stolen at least 13 times as criminals used his publicly available Social Security number to open fraudulent accounts and incur debts.

LifeLock claimed that while there were “hundreds” of attempts to misuse Davis’ information, only 13 were successful, and that in each case, the company’s services helped resolve the issues without financial loss to Davis.

Still, these thefts undermined public confidence in LifeLock’s protection claims. 

FTC fines

In 2010, LifeLock was fined $12 million by the Federal Trade Commission (FTC) for deceptive advertising, particularly for claiming a “100% guarantee” against identity theft, which the FTC found misleading.

In 2015, LifeLock was fined $100 million for failing to comply with the 2010 order. 

The FTC found that LifeLock had not established a comprehensive information security program to protect sensitive user data (including their Social Security and credit card numbers), falsely advertised its security protections (claiming it had the same high-level safeguards as financial institutions and that it would send alerts “as soon as” it had indications a consumer may be a victim of identity theft), and failed to meet recordkeeping requirements.

Security

In its privacy policy, LifeLock describes the security measures it has in place.

It says it has “reasonable and appropriate physical, technical, and organizational security measures” in place. It then describes these measures in more detail.

For example, it states that it has physical safeguards (including secure media destruction policies and control access to its facilities), technical safeguards (such as encryption, intrusion detection, and data loss prevention), and organizational safeguards (like role-specific training and security and privacy awareness programs). 

In 2018, a bug on LifeLock’s website exposed millions of customer email addresses by allowing anyone to enumerate subscriber IDs and access email addresses. 

In December 2022, LifeLock suffered a credential stuffing attack, resulting in the exposure of details for over 6,000 user accounts, including names, addresses, and phone numbers. The breach occurred when attackers used credentials from unrelated breaches to attempt logins.

Privacy

LifeLock explains the kind of information it collects, why, and with whom it shares it in its product-specific privacy policy.

It collects the following personal information: 

• Account data, e.g., name, email, address, DOB, phone number, payment details, etc.
• Identity data, e.g., SSN, ID numbers, financial info, children’s data (if LifeLock Junior).
• Service data, e.g., screenshots (scam verification), restoration/complaint case numbers.
• Location data, e.g., IP address, geolocation.
• Device data, e.g., device ID, OS, browser info, language.
• Security data, e.g., credit scores/reports, bank transactions, photos of IDs.
• Service data, e.g., error logs and usage data.
• Identity data (from third parties), e.g., verified name, SSN, DOB, etc.
• Security & service data, e.g., credit reports, alert info, usage analytics

It uses this data for account setup, verification, communication, and delivering selected services. It also uses it to support features like scam verification and restoration, as well as to improve product functionality.

Additionally, LifeLock uses the above information to deliver appropriate services, set language preferences, monitor fraud, enhance protection, facilitate identity verification, and provide alerts. 

LifeLock’s data retention periods vary depending on data type. For example, it retains your name, email, and phone number while you’re active or for 36 months. It retains your mother’s maiden name while active or for 6 months. 

Once LifeLock no longer has a legitimate business reason for retaining your data, it will either securely dispose of it or de-identify it, as outlined in its overall privacy policy. 

Depending on where you reside, you may be able to exercise your privacy rights, such as the right to access the personal information LifeLock has about you and request its deletion. 

You can choose to opt out of LifeLock marketing communications. 

So, Should You Use LifeLock?

Depends.

If you think you’re at high risk of identity theft and want monitoring, alerts, and restoration help, LifeLock can be a good option. 

Just remember that LifeLock monitors but doesn’t prevent fraud.

Free alternatives, such as freezing your credit with all three bureaus, can block new credit applications.

How to Use LifeLock Safely and Privately 

• Share minimal information. It’s always a good idea to only share essential information. 
• Create a strong password. And don’t reuse it across other services. 
• Turn on 2FA. This helps keep your account more secure in case your password is leaked. 
• Opt out of marketing communications. You can do this by clicking the unsubscribe function in the communications from LifeLock, contacting customer service, or managing your preferences in your LifeLock Portal. 
• Limit app permissions. If using the LifeLock mobile app, turn off unnecessary permissions, such as location access, unless you need them for specific features.
• Exercise your privacy rights. Depending on where you live, you may be able to exercise privacy rights like data access and deletion. 
• Check LifeLock’s privacy policy periodically. Regularly review LifeLock’s privacy policy to stay current on what they collect and how long they keep it.
• Use other tools. Even with LifeLock, consider freezing your credit with Experian, TransUnion, and Equifax and use tools like HaveIBeenPwned to monitor email breaches independently. Also, opt out of data brokers, which can enable identity theft. See our opt-out guides for hundreds of data brokers or subscribe to a data broker removal service like DeleteMe to have professionals remove you from data brokers on your behalf.