BrandWikiReturn

LifeLock

LifeLock is identity theft prevention software, initially sold by the LifeLock company, and now sold by Gen. The software was marketed as NortonLifeLock after 2017 and is also bundled with several Norton 360 products. LifeLock monitors for identity theft, the use of personal information, and credit score changes.[1][2]

History

Corporate governance

LifeLock was co-founded in 2005 by Robert J. Maynard and Todd Davis in Tempe, Arizona.[3][4]

Maynard resigned from LifeLock in June 2007 following a story published in Phoenix New Times that questioned claims that his identity was stolen.[5][6][7] Maynard, Jr. was succeeded by co-founder Todd Davis the same year.

The same year, Davis publicly posted his Social Security number as part of a 2007 ad campaign to promote the company's identity theft protection services. Between 2007 and 2008, Davis reported 13 instances of identity theft.[8][9] Davis later stated that the campaign was intended to emphasize the risks of data breaches and promote identity protection.[10]

In 2012, Hilary Schneider joined the company as president and Roy C. Guthrie joined as lead director.[11][12] Four years later, in 2016, the company announced that Schneider would replace Todd Davis as CEO.[11] Davis stepped down from his position and assumed the role of executive vice chairman of the board.[12] Roy C. Guthrie assumed the role of chairman.[12]

Funding

The company started with $2 million in seed funding followed by another $5 million in its Series A funding in 2006 from Bessemer Ventures.[13]

LifeLock raised $6 million in its Series B funding from Kleiner Perkins Caufield & Byers in April 2007.[13] The following January, its Series C Funding raised $25 million, led by Goldman Sachs Group, Inc.[14] In August 2009, a Series D funding round raised $40 million for the company.[15] In March 2013, LifeLock raised $100 million in new equity funding from Bessemer Ventures Partners, Goldman, Sachs & Co., Kleiner Perkins Caufield & Byers, Symantec Corporation, and River Street Management.[16] The funds were used towards the acquisition of ID Analytics, an identity theft risk prediction technology.

In 2012, LifeLock filed for an initial public offering (IPO). announced plans to take its identity theft protection business public[17] The company was listed on the New York Stock Exchange beginning on October 3, 2012, trading under the symbol LOCK.[18] LifeLock filed a form with the Securities and Exchange Commission to voluntarily deregister its common stock in 2017 post its acquisition by Symantec for $2.3 billion.[19]

Acquisitions, partnerships and mergers

In December 2008, LifeLock entered into an agreement with TransUnion to automate customer credit monitoring alerts.[20]

In March 2012, LifeLock acquired ID Analytics, which operates independently as a wholly owned subsidiary.[21] That August, LifeLock announced its initial public offering (IPO).[22]

LifeLock acquired Lemon Wallet, a digital wallet platform, for $42.6 million, in late 2013.[23][24][25]

LifeLock was acquired by Symantec on February 9, 2017 for $2.3 billion.[26] After Symantec sold its enterprise division to Broadcom, the company was renamed to NortonLifeLock in November 2019. The parent company was further renamed to Gen Digital in 2022, following the merger of NortonLifeLock and Avast.[27][28][29]

Controversies

As part of a 2009 settlement with Experian related to false fraud alerts allegations, LifeLock released a service that did not rely on fraud alerts.[30][31][32]

Federal Trade Commission fines

LifeLock was fined $12 million by the Federal Trade Commission in March 2010 for deceptive advertising.[33] The FTC called the company's prior marketing claims misleading to consumers by claiming to be a 100% guarantee against all forms of identity theft after the co-founder posted his social security number on billboards and commercials to promote the company's “anti data theft protection”.[34]

In 2015, the FTC found LifeLock to be in contempt of the 2010 agreement, stating that they "failed to establish and maintain a comprehensive information security program", and "falsely advertised that it protected consumers' sensitive data". The FTC obtained a $100 million penalty against LifeLock to settle the contempt charge. Of that fine, $68 million was held for class-action refunds to LifeLock customers.

Cybersecurity incidents

2015 refer a friend Security Flaw

In July 2015, security researchers Eric Taylor and Blake Welsh disclosed a cross-site scripting vulnerability on LifeLock’s "refer a friend" webpage. According to The Register, the flaw could have allowed attackers to inject malicious JavaScript, creating opportunities for phishing attempts or account takeover. LifeLock took the affected page offline after being notified and stated that no customer data had been compromised.[35][36][37]

2018 subscriberkey Security Flaw

In July 2018, a flaw was discovered on LifeLock's website that exposed millions of customer email addresses. The security breach involved a numeric subscriberkey parameter which could be sequentially enumerated, allowing anyone to retrieve the email addresses tied to those keys. The flaw was found on a page that allowed unsubscribing from emails. A security researcher, after receiving a marketing email, accessed a link that showed his own subscriberkey. He then wrote a proof-of-concept script to auto-increment the subscriberkey values, retrieving approximately 70 email addresses before stopping. The company took the website offline after being notified, and stated the issue was limited to the marketing opt-out page managed by a third party. [38][39]

2022 credential stuffing attack

In December 2022, LifeLock servers suffered an attack using credential stuffing, and over 6,000 user accounts had their details disclosed, including names, addresses, and phone numbers. The method of attack was to use credentials from previous unrelated breaches. This resulted in a large number of failed login attempts on 16 December 2022. Notification of the breach was sent in January 2023.[40][41][42]

2015 refer a friend Security Flaw

In July 2015, security researchers Eric Taylor and Blake Welsh disclosed a cross-site scripting vulnerability on LifeLock’s "refer a friend" webpage. According to The Register, the flaw could have allowed attackers to inject malicious JavaScript, creating opportunities for phishing attempts or account takeover. LifeLock took the affected page offline after being notified and stated that no customer data had been compromised.[35][36][37]

2018 subscriberkey Security Flaw

In July 2018, a flaw was discovered on LifeLock's website that exposed millions of customer email addresses. The security breach involved a numeric subscriberkey parameter which could be sequentially enumerated, allowing anyone to retrieve the email addresses tied to those keys. The flaw was found on a page that allowed unsubscribing from emails. A security researcher, after receiving a marketing email, accessed a link that showed his own subscriberkey. He then wrote a proof-of-concept script to auto-increment the subscriberkey values, retrieving approximately 70 email addresses before stopping. The company took the website offline after being notified, and stated the issue was limited to the marketing opt-out page managed by a third party. [38][39]

2022 credential stuffing attack

In December 2022, LifeLock servers suffered an attack using credential stuffing, and over 6,000 user accounts had their details disclosed, including names, addresses, and phone numbers. The method of attack was to use credentials from previous unrelated breaches. This resulted in a large number of failed login attempts on 16 December 2022. Notification of the breach was sent in January 2023.[40][41][42]

See also

References

  1. Debbie Carlson. Protect financial information from theft Chicago Tribune, January 31, 2014, retrieved May 30, 2014^
  2. Emily Jane Fox. 4 things to do after your credit card has been hacked CNN Money, December 19, 2013, retrieved May 30, 2014^
  3. What Happened in Vegas... Phoenix New Times, 2007-05-31, retrieved 2026-02-17^
  4. LifeLock co-founder joins advisory board of Phoenix-based Dovly Phoenix Business Journal, 2020-12-04, retrieved 2026-02-17^
  5. Ray Stern. What Happened in Vegas Phoenix New Times, 30 May 2007, retrieved 14 November 2021^
  6. Kim Zetter. LifeLock Founder Resigns Amid Controversy Wired, 2007-06-11, retrieved 2019-04-19^
  7. Chris Casacchia. LifeLock founder resigns amid questions about his past bizjournals.com, 2007-06-12, retrieved 2007-06-19^
  8. Kim Zetter. LifeLock CEO's Identity Stolen 13 Times Wired, 2010-05-18, retrieved 2016-12-17^
  9. Jaikumar Vijayan. LifeLock CEO said to be victim of identity theft 13 times Computerworld, 2010-05-19, retrieved 2019-04-19^
  10. Ilana Lowery. LifeLock CEO shares more than SSN in first 'Reporter's Notebook' event Phoenix Business Journal, February 20, 2014, retrieved May 30, 2014^
  11. Former Top Yahoo Exec Hilary Schneider Promoted to CEO of LifeLock Fortune, retrieved 2020-02-13^
  12. LifeLock Names Hilary Schneider CEO, Succeeding Todd Davis Gen Digital Newsroom, retrieved 2026-02-17^
  13. Om Malik. Lifelock gets $6 million from Kleiner Perkins Gigaom, April 23, 2007, retrieved May 30, 2014^
  14. Kress, Adam. LifeLock gains $25 million in third-round funding to support growth Phoenix Business Journal, January 23, 2008, retrieved May 30, 2014^
  15. Marshall, Matt. Symantec helps pump $40M into identity theft protection company Lifelock VentureBeat, August 5, 2009, retrieved May 30, 2014^
  16. O'Grady, Patrick. LifeLock gets $100 million investment, purchases ID Analytics Bizjournals.com, March 14, 2012^
  17. Lifelock expects to price IPO at $9.50-$11.50 MarketWatch, retrieved September 25, 2012^
  18. LifeLock IPO brings in about $141 million www.bizjournals.com, retrieved 2020-02-13^
  19. M. E. Staff 8-k. LifeLock, Inc. (NYSE:LOCK) Files An 8-K Termination of a Material Definitive Agreement - Market Exclusive retrieved 2020-02-13^
  20. O'Grady, Patrick. LifeLock, TransUnion team to fight identity theft 2008-12-17, retrieved 2008-12-18^
  21. Rao, Leena. Identity Theft Protection Company LifeLock Raises $100M From Kleiner, Symantec; Acquires ID Analytics TechCrunch, March 15, 2012, retrieved May 30, 2014^
  22. Security company LifeLock files for IPO of up to $175 million Reuters, 2012-08-28, retrieved 2020-02-13^
  23. Fitchard, Kevin. LifeLock buys mobile wallet Lemon for $42.6M Gigaom, December 12, 2013, retrieved May 30, 2014^
  24. Fiegerman, Seth. LifeLock Acquires Lemon App For $42 Million to Develop Digital Wallet Mashable, December 12, 2013, retrieved May 30, 2014^
  25. Sarah Perez. LifeLock Acquires Mobile Wallet Platform Lemon For $42.6 Million, Launches LifeLock Wallet TechCrunch, December 12, 2013, retrieved May 30, 2014^
  26. Symantec to acquire LifeLock for $2.3 billion Reuters, 2016-11-20, retrieved 2022-03-19^
  27. NortonLifeLock Merges With Avast to Form New Company Called 'Gen' PCMAG, retrieved 2023-03-01^
  28. Brett Molina. Symantec to acquire LifeLock for $2.3B USA Today, retrieved 2016-11-21^
  29. Symantec completes acquisition of Tempe's LifeLock for $2.3B www.bizjournals.com, retrieved 2019-11-14^
  30. Fraud-prevention pitchman becomes ID theft victim retrieved 2008-05-22^
  31. Maurna Desmond. Experian Sues LifeLock For 'Abusing' Fraud Alert System Forbes, 2008-02-21, retrieved 2012-09-11^
  32. Andrew Johnson. LifeLock, Experian settle case over alerts The Arizona Republic, Gannett Company, 2009-10-23, retrieved 2019-04-19^
  33. Ryan Singel. LifeLock's IPO Is Unimpressive, But Not as Bad as Its Checkered Past Wired, 2012-10-03, retrieved 2019-04-19^
  34. LifeLock, Inc., a corporation Federal Trade Commission, 9 March 2010, retrieved 14 March 2019^
  35. Pauli Darren. Identity protection outfit LifeLock picked, popped The Register, July 1, 2015, retrieved September 14, 2025^
  36. John Biggs. Vulnerability In Security Service Lifelock Could Have Exposed Logins And Passwords TechCrunch, June 30, 2015, retrieved September 14, 2025^
  37. Dennis Fisher. LifeLock Patches XSS That Could’ve Led to Phishing Threatpost, July 1, 2015, retrieved September 14, 2025^
  38. Brian Krebs. LifeLock Bug Exposed Millions of Customer Email Addresses Krebs on Security, July 25, 2018, retrieved September 14, 2025^
  39. Duncan Riley. LifeLock exposes customer data via email unsubscribe vulnerability SiliconANGLE, July 26, 2018, retrieved September 14, 2025^
  40. Norton LifeLock says thousands of customer accounts breached uk.news.yahoo.com, 2023-01-15, retrieved 2023-01-16^
  41. Zack Whittaker. Norton LifeLock says thousands of customer accounts breached TechCrunch, January 15, 2023, retrieved September 14, 2025^
  42. Jonathan Greig. Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks The Record, January 16, 2023, retrieved September 14, 2025^