Tactical Rabbit’s mission is to uncover, analyze and—when required—go public with highly-sensitive information. The private intelligence agency performed all three services during an investigation of an Arizona-based company named LifeLock.
LifeLock sells identity theft monitoring services. It is hard to miss its advertisements on television, radio and the web. In 2014, LifeLock spent $100 million on advertising. Just four years earlier, the Federal Trade Commission fined the company $12 million for deceptive ads. The company had promised “complete protection” against ID thieves, an impossible promise to keep. In one of the ads, the LifeLock CEO flashed his social security number on the side of a truck and challenged anyone to steal his identity. The media had a field day when 13 people were able to do it. “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” the then-FTC Chairman said in a statement.
In 2014, a Tactical Rabbit client raised disturbing new concerns about another outlandish claim being made by LifeLock. The company promised to pay any customer $1 million if their identity was stolen. Tactical Rabbit’s financial forensic investigators meticulously waded through the arcane and confusing language associated with “Million Dollar Guarantee,” and found that it wildly overpromised. Upon closer examination, Tactical Rabbit operatives determined that customers whose identities were hacked would never see any monetary award. Instead the money would be used to hire lawyers who would attempt to make the bilked customer whole.
During its investigation, Tactical Rabbit utilized financial intelligence, open-source intelligence, and human intelligence methods. In addition, the company’s highly-experienced investigators examined non-public databases and cyber data through proprietary analytical and collection methods. After the analysis, Tactical Rabbit CEO and Intelligence Director Everett Stern became convinced that LifeLock was selling a bill of goods to its four million customers.
Tactical Rabbit shared its findings with the FBI, law enforcement agencies and the Federal Trade Commission (FTC). In 2015, the FTC made a return visit to LifeLock’s headquarters. Not long after that, the FTC announced that LifeLock would be forced to pay $100 million to settle charges that it had failed to properly protect its customers’ data. The FTC also concluded that LifeLock’s promise that it could stop identity theft was a myth, and that its fraud alerts didn’t quickly alert customers when potential trouble arose.
As part of the massive FTC settlement, LifeLock was required to refrain from misrepresenting how much it can do to safeguard customers from identity thieves. The company, which is now owned by cyber security giant Symantec, was also forced to implement a data security program. “This is the largest monetary award obtained by the Commission in an order enforcement action,” the FTC wrote. The resolution was gratifying to Stern, who has dedicated his career to protecting the “little guy” from unscrupulous corporations and individuals.