LifeLock

History

LifeLock was co-founded in 2005 by Robert J. Maynard and Todd Davis. Maynard founded the internet service provider (ISP) Internet America in the late 1990s. Former LifeLock CEO Davis worked for Dell before founding Marketing Champions, an advertising and marketing firm.

Maynard resigned from LifeLock in June 2007 after claims that he was a victim of identity theft were questioned. Davis publicly posted his Social Security number as part of a 2007 ad campaign to promote the company's identity theft protection services. However, Davis was a victim of 13 cases of identity theft between 2007 and 2008. Regarding the campaign, Davis said, "We were trying to make the point that ... all it takes is one data breach. The point of that campaign was to take proactive steps to protect your identity."

In December 2008, LifeLock entered into an agreement with TransUnion, one of the three main credit bureaus, to automate the process of alerting customers of potential unauthorized access via their credit reports.

As part of a 2009 settlement with Experian related to false fraud alerts allegations, LifeLock set up a service that does not rely on fraud alerts.

In March 2012, LifeLock acquired ID Analytics, which operates independently as a wholly owned subsidiary Following LifeLock's initial public offering (IPO) announcement in August 2012, Hilary Schneider joined the company as president.

In late 2013, LifeLock acquired Lemon Wallet, a digital wallet platform, for $42.6 million.

In 2015, the FTC obtained a $100 million monetary penalty against LifeLock with $68 million held for class-action refunds to customers in relation to false advertising and failed service delivery allegations.

In January 2016, the company announced that Hilary Schneider would replace Todd Davis as CEO.

LifeLock was acquired by Symantec on February 9, 2017 for $2.3 billion. After Symantec sold its enterprise division to Broadcom, the company was renamed to NortonLifeLock in November 2019. The parent company was further renamed to Gen Digital in 2022, following the merger of NortonLifeLock and Avast.

The company subsequently began to offer its Norton 360 subscription services with LifeLock included.

Funding

The company started with $2 million in seed funding followed by another $5 million in its Series A funding in 2006 from Bessemer Ventures.

LifeLock raised $6 million in its Series B funding from Kleiner Perkins Caufield & Byers in April 2007. The following January, its Series C Funding raised $25 million, led by Goldman Sachs Group, Inc. In August 2009, a Series D funding round raised $40 million for the company. In March 2013, LifeLock raised $100 million in new equity funding from Bessemer Ventures Partners, Goldman, Sachs & Co., Kleiner Perkins Caufield & Byers, Symantec Corporation, and River Street Management. The funds were used towards the acquisition of ID Analytics, an identity theft risk prediction technology.

LifeLock announced plans to take its identity theft protection business public and filed for an IPO worth up to $175 million on August 28, 2012. The company was listed on the New York Stock Exchange beginning on October 3, 2012, trading under the symbol LOCK. LifeLock filed a form with the Securities and Exchange Commission to voluntarily deregister its common stock in 2017 post its acquisition by Symantec for $2.3 billion.

Following Symantec's name change in November 2019, Symantec's stock symbol became NLOK.

Controversies

Robert J. Maynard, Jr., a co-founder of the company, resigned in June 2007 following a controversial story published in Phoenix New Times about his past. The story involved bankruptcy, an FTC investigation, and identity theft.

LifeLock was fined $12 million by the Federal Trade Commission in March 2010 for deceptive advertising. The FTC called the company's prior marketing claims misleading to consumers by claiming to be a 100% guarantee against all forms of identity theft after the co-founder posted his social security number on billboards and commercials to promote the company's “anti data theft protection” .

In 2015, the FTC found LifeLock to be in contempt of the 2010 agreement, charging that they "failed to establish and maintain a comprehensive information security program", and "falsely advertised that it protected consumers' sensitive data". The FTC obtained a $100 million monetary penalty against LifeLock to settle the contempt charge. Of that fine, $68 million was held for class-action refunds to LifeLock customers.

Cybersecurity incidents

2015 refer a friend Security Flaw

In July 2015, security researchers Eric Taylor and Blake Welsh disclosed a cross-site scripting vulnerability on LifeLock’s "refer a friend" webpage. According to The Register, the flaw could have allowed attackers to inject malicious JavaScript, creating opportunities for phishing attempts or account takeover. LifeLock took the affected page offline after being notified and stated that no customer data had been compromised.{{cite news |title=Identity protection outfit LifeLock picked, popped

2018 subscriberkey Security Flaw

In July 2018, a flaw was discovered on LifeLock's website that exposed millions of customer email addresses. The vulnerability involved a numeric subscriberkey parameter which could be sequentially enumerated, allowing anyone to retrieve the email addresses tied to those keys. The flaw was found on a marketing-page that allowed unsubscribing from emails. A security researcher, after receiving a marketing email, accessed a link that showed his own subscriberkey. He then wrote a proof-of-concept script to auto-increment the subscriberkey values, retrieving approximately 70 email addresses before stopping. LifeLock (owned by Symantec at the time) took the website offline after being notified, and stated the issue was limited to the marketing opt-out page managed by a third party. {{cite news |last=Riley |first=Duncan |title=LifeLock exposes customer data via email unsubscribe vulnerability

2022 credential stuffing attack

In December 2022, LifeLock servers suffered an attack using credential stuffing, and over 6,000 user accounts had their details disclosed, including names, addresses, and phone numbers. The method of attack was to use credentials from previous unrelated breaches. This resulted in a large number of failed login attempts on 16 December 2022. Notification of the breach was sent in January 2023.

References

References

1. Carlson, Debbie. (January 31, 2014). "Protect financial information from theft". Chicago Tribune.
2. Fox, Emily Jane. (December 19, 2013). "4 things to do after your credit card has been hacked". [[CNN Money]].
3. Stern, Ray. (2007-05-31). "What Happened in Vegas...".
4. (September 2025). "High Five: Meet Todd Davis, CEO Of LifeLock".
5. Zetter, Kim. (2007-06-11). "LifeLock Founder Resigns Amid Controversy".
6. Zetter, Kim. (2010-05-18). "LifeLock CEO's Identity Stolen 13 Times".
7. Vijayan, Jaikumar. (2010-05-19). "LifeLock CEO said to be victim of identity theft 13 times".
8. Lowery, Ilana. (February 20, 2014). "LifeLock CEO shares more than SSN in first 'Reporter's Notebook' event".
9. O'Grady, Patrick. (2008-12-17). "LifeLock, TransUnion team to fight identity theft".
10. "Fraud-prevention pitchman becomes ID theft victim".
11. Desmond, Maurna. (2008-02-21). "Experian Sues LifeLock For 'Abusing' Fraud Alert System". Forbes.
12. Johnson, Andrew. (2009-10-23). "LifeLock, Experian settle case over alerts". Gannett Company.
13. Rao, Leena. (March 15, 2012). "Identity Theft Protection Company LifeLock Raises $100M From Kleiner, Symantec; Acquires ID Analytics". TechCrunch.
14. (2012-08-28). "Security company LifeLock files for IPO of up to $175 million". Reuters.
15. "Former Top Yahoo Exec Hilary Schneider Promoted to CEO of LifeLock".
16. Fitchard, Kevin. (December 12, 2013). "LifeLock buys mobile wallet Lemon for $42.6M". Gigaom.
17. Fiegerman, Seth. (December 12, 2013). "LifeLock Acquires Lemon App For $42 Million to Develop Digital Wallet". Mashable.
18. Perez, Sarah. (December 12, 2013). "LifeLock Acquires Mobile Wallet Platform Lemon For $42.6 Million, Launches LifeLock Wallet".
19. (December 17, 2015). "LifeLock to Pay $100 Million to Consumers to Settle FTC Charges it Violated 2010 Order".
20. Nichols, Shaun. "LifeLock didn't live up to their hype, and now they're $100m lighter". Situation Publishing.
21. (2016-11-20). "Symantec to acquire LifeLock for $2.3 billion". Reuters.
22. "NortonLifeLock Merges With Avast to Form New Company Called 'Gen'".
23. "Symantec to acquire LifeLock for $2.3B". [[USA Today]].
24. "Symantec completes acquisition of Tempe's LifeLock for $2.3B".
25. Athow, Desire. (29 April 2019). "Norton adds a VPN and more to its refreshed 360 products".
26. Malik, Om. (April 23, 2007). "Lifelock gets $6 million from Kleiner Perkins".
27. Kress, Adam. (January 23, 2008). "LifeLock gains $25 million in third-round funding to support growth". Phoenix Business Journal.
28. Marshall, Matt. (August 5, 2009). "Symantec helps pump $40M into identity theft protection company Lifelock". VentureBeat.
29. O'Grady, Patrick. (March 14, 2012). "LifeLock gets $100 million investment, purchases ID Analytics".
30. "Lifelock expects to price IPO at $9.50-$11.50". MarketWatch.
31. "LifeLock IPO brings in about $141 million".
32. Staff 8-k, M. E.. "LifeLock, Inc. (NYSE:LOCK) Files An 8-K Termination of a Material Definitive Agreement - Market Exclusive".
33. "Goodbye, Symantec: Consumer business gets rebrand".
34. Ray Stern. (30 May 2007). "What Happened in Vegas". [[Phoenix New Times]].
35. Casacchia, Chris. (2007-06-12). "LifeLock founder resigns amid questions about his past". bizjournals.com.
36. Singel, Ryan. (2012-10-03). "LifeLock's IPO Is Unimpressive, But Not as Bad as Its Checkered Past".
37. (9 March 2010). "LifeLock, Inc., a corporation".
38. Fisher, Dennis. (July 1, 2015). "LifeLock Patches XSS That Could’ve Led to Phishing". Threatpost.
39. Krebs, Brian. (July 25, 2018). "LifeLock Bug Exposed Millions of Customer Email Addresses". Krebs on Security.
40. (2023-01-15). "Norton LifeLock says thousands of customer accounts breached". uk.news.yahoo.com.
41. Whittaker, Zack. (January 15, 2023). "Norton LifeLock says thousands of customer accounts breached". TechCrunch.
42. Greig, Jonathan. (January 16, 2023). "Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks". The Record.