LifeLock Review 2017

Let us begin our LifeLock review by observing that they are one of the premier companies in the identity theft protection arena. Like most people, you probably see identity protection as a nice but not essential thing. As the Internet becomes more integrated in your daily life, this is beginning to change. The number and scope of data breaches has been increasing over the recent past and this trend is expected to continue into the future. The recent PII (Personally Identifiable Information) data breach at one of our primary credit bureaus, Equifax has brought this to the forefront for over 143 million Americans. Signing up for Lifelock’s array of services will help you to monitor and guard your real life identity. Additionally it will give you the peace of mind that should your identity be compromised, their protection service will provide the help you need to recover it.

LifeLock Review

LifeLock Service Pricing

LifeLock offers their service using three different plans. The plan that you choose determines the type and level of monitoring protection you receive, your maximum monetary reimbursement for lost funds, and other additional asset protection features. Their primary plans are Standard, Advantage, and Ultimate Plus. LifeLock prices these as follows:  Standard; $9.99/month, Advantage; $19.99/month, and Ultimate Plus; $29.99/month.

However, our readers can take 10% off of their regular plan prices for the first billing period, as well as, enjoy a 30 day risk-free period of their service. A credit/debit card is necessary to take advantage of this discount.

LifeLock Pricing

This means that you can now subscribe to their Standard plan for 8.99/month, Advantage plan for $17.99/month, and Ultimate Plus plan for 24.99/month for your first subscription period. If you want to maximize your Lifelock plan discount, you should subscribe to a yearly membership. You can pay for the Lifelock array of services using most major credit/debit cards. We will examine these plans in greater detail later in this LifeLock review after we discuss what constitutes identity theft and its many forms.

LifeLock Money Back Guarantee

As we stated, our readers can take advantage of a current 30 day risk-free period being offered by LifeLock. All that is necessary is a credit card to subscribe to it. This will let you use their suite of identity protection services. Additionally, you can see how their LifeLock Privacy Monitor software can help monitor and guard where and how your PII is found on the Internet.  You can also test some the other LifeLock features to see if the service is right for you.

In addition to this, they also have a 60 day money back guarantee for those who subscribe to yearly memberships. If you call or contact them through your account on their web portal within 60 days of subscribing to one of their annual memberships, they will refund your purchase price. After the 60 day period they will provide you a pro-rated refund based on the remaining months of your subscription term.

This guarantee also applies to renewal periods. No guarantee is provided for month-to-month subscriptions.

Visit LifeLock

How LifeLock Protects You Against Identity Theft

To understand the services that LifeLock offers, you must first understand what identity theft is and the variety of forms that it can take. After this, you will have a better understanding of the plans they offer and be able to choose the best one for you based on your financial situation, online and offline habits, and degree of asset protection required. At the least, it should become clear to you that everyone needs some level of identity theft protection.

What is Identity Theft?

Congress passed the Identity Theft and Assumption Deterrence Act in 1998 which defines identity theft or fraud as, “Whoever knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law;”. Put in simpler terms, identity theft involves anyone who knowingly uses another person’s personal information to assume his or her identity to commit a crime. The purpose of this crime is usually to obtain some sort of monetary gain.

Types of Identity Theft

Although most identity thefts are for financial gain, other types of identity theft exist. Because of this, merely monitoring your credit is not the most effective way to guard against it.  There are actually eight or nine types of identity fraud according to how you classify them. They include the following:

  • Social Security Number identity theft – Your Social Number (SSN) is one of the critical pieces of PII (Personally Identifiable Information) that defines individuals in the United States.  Having access to it can allow criminals to collect other PII which will aid them in assuming your identity and lead to other types of identity theft. It can also let them manufacture other forms of ID like passports and driver’s licenses although new security features employed in these have made this more difficult.
  • Financial identity theft – As we said this is one of the most common types of identity theft where someone assumes your identity to obtain some financial gain. Criminals gain access to some of your account information.  This along with your SSN could allow them to access current accounts, create new ones, or make other types of financial fraud possible.
  • Driver’s license identity theft – Stealing your driver’s license number or ID, along with other information lets others impersonate you when speeding or committing other moving violations. If they are successful in this ruse, then they can avoid the financial and other punitive measures from these violations.  What is more since the authorities will be looking for you, these violations will be added to your record. This could cause problems for you which could range from financial obligations to the loss of your driving privileges.
  • Criminal identity theft – Once a criminal has obtained enough information and documentation, he may be able to fool police into believing that he is you if caught in a criminal activity. This activity could be anything from simple theft to murder. Unfortunately if he is successful in this deception, you will be the one the authorities will be looking for when he fails to show up for his court date. This could lead to real problems for you as it could be hard to convince them that you did not commit the crime without professional help. Police and other authorities tend to be cynical when people profess their innocence.
  • Medical identity theft – Individuals who obtain your personal medical information and medical identification numbers can access medical services and receive medications in your name.  This combined with insurance fraud can not only lead to financial hardships for you but also could be life threatening. This is possible because your medical history follows you and can affect the care and services provided by your physicians. It is also one of the hardest types of identity theft to mediate as you have little or no control over the information contained in your medical history, This makes it hard to dispute. Having an expert to help you fix you medical record is a necessity.
  • Insurance identity theft – This type of identity theft is generally directly related and often grouped with medical identity theft. Unauthorized use of your insurance information can result in higher premiums for you and depending on the terms of your plan could lead to extra cost associated with your own medical assistance.
  • Synthetic identity theft – This is a hybrid form of identity theft which involves using your SSN along with the made-up names, addresses, and possibly PII from other victims to create new identities.  These new identities can then be used to perpetrate all of the other forms of identity theft.  They do this to confuse you, other victims, the authorities, lenders, and everyone else. At the heart of this deceit is your SSN.
  • Tax identity theft – By using your SSN and name, criminals can file for and fraudulently obtain your tax refund. This can make it hard for you to file and receive your legitimate refund. In some case, it can lead to extended refund delays and possible loss of your funds.
  • Child identity theft – Using the PII of children has become more popular because their credit has not been established yet. This makes it easier to use their info for fraudulent activities as it could be many years before these activities are even noticed. The first sign that anything is amiss could be when your son or daughter applies for a loan to get their first car.

Visit LifeLock

How does the LifeLock Service Work?

LifeLock nor anyone else can prevent data breaches because, as you will read in a moment, they have been increasing in both number and severity for many years. What is more, this trend is not likely to subside with the advent of more Internet of Things (IoT) devices being introduced to our daily lives. Additionally, many of these breaches are caused by human error which cannot be completely eliminated. We will discuss more about this when we examine some of the major breaches and look at identity theft trending data later in our review.

LifeLock is a suite of services that do three basic things to help protect you from identity fraud or allow you to catch it before it goes to far. This can limit its effects on your personal life and make it easier to mediate. These services operate using three levels of protection: monitor and detect, alert, and restore. Additionally, they provide the extra benefit of reimbursing out-of pocket expenses when necessary. Now, let us examine each of these in closer detail.

Monitor and Detect

The first level of protection provided by Lifelock is to monitor and detect your pertinent PII on a variety of databases and websites. It is able to do this by leveraging ID Analytics’ unique cross-industry repository of near real-time consumer information which provides a comprehensive perspective on identity and credit risk. This repository is known as the ID Network. This repository allows them to observe your current PII and use state-of-the-art analytics that combines an expert rules system and behavioral analysis to predict identify fraud and perform risk analysis reviews with very little latency.

Alert

The second level of protection offered by their suite of services once an event has been detected is to alert you and determine if you are aware of it. Their proprietary LifeLock Identity Alert System notifies you of a possible fraud issue.  This alert is made by email, text, or phone. The means of delivery is your choice.  This alert is interactive and requires a response from you allowing them to determine if the transaction is indeed suspicious.

Restore

Once the suspicious activity has been verified, further investigation is warranted. If it is found to be a case of identity theft or fraud, other instances are scanned for and the restore process is implemented. The restore remediation procedure involves the following eight steps:

  • You give them a limited power of attorney so they can legally work on your behalf.
  • LifeLock gathers all necessary information needed to present your case.
  • They set a 7-year fraud alert on your behalf to the credit reporting agencies.
  • Locklock will begin mediating claims against you and processing credit disputes.
  • They will submit your insurance claim to the proper authorities.
  • Expert legal representation will be retained for you and any court costs will be covered.
  • To guard against future fraud, they will organize and catalog your case file for easy access.
  • You will receive a credit report showing that all identity theft info has been removed.

Many of these things you could probably do by yourself and you will have to help LifeLock and provide some extra information during the restore process. However, having their expert guidance can save you some time and heartache while your identity is being restored.

Reimbursement Benefit

In addition to these three levels of protection, LifeLock will reimburse you for the following out-of-pocket expenses that you might have incurred to restore your identity.

  • Cost of replacing documents.
  • Traveling expenses.
  • Loss of income.
  • Stolen handbag, purse, or wallet.
  • Childcare and elderly care.
  • Travel assistance.
  • Fraudulent withdrawals.
  • Legal costs.
  • Remediation services costs.
  • Case management services costs.

LifeLock will spend up to one million dollars to recover your identity. In addition they will also reimburse you for funds stolen from your accounts (not covered by other sources) up to your plan policy’s limit.

Visit LifeLock

Analysis of LifeLock Plans

You now have a better understanding of identity theft and its various forms. Using this knowledge, let us take a closer look at the three primary plans offered by LifeLock. Specifically, examining the types of identity theft protection they monitor and alert you to. First we will look at the features common to all LifeLock plans. Then we’ll take a closer look at what each plan monitors and provides alerts on.

Features Common to All LifeLock Plans

  • U.S.-Based identity restoration specialists – If your identity has been compromised, a specialist will be assigned to help you restore it
  • 24/7 live member support – All subscribers have access to trained identity protection agents who can answer their questions.
  • Reduce pre-approved credit card offers – LifeLock will request that you be removed from pre-approved credit card lists. You can do this for free at the official website created by the credit bureaus but is nice to have it offered as an added convenience of the LifeLock service.
  • Lost wallet protection – Should your wallet or purse be lost or stolen, contact them and one of their agents will help you cancel or replace your credit/debit cards, driver’s license, insurance cards, and other documents. They can also provide guidance in reimbursement for any cash that may have been lost.
  • LifeLock Privacy Monitor – They will scan public people-search sites for your information and tell you what you need to do to op-out of those you do not want it to appear on. This will limit you PII footprint on the Web and make it harder for identity thieves to get the information they need.
  • LifeLock Identity Alert System – LifeLock will monitor for fraudulent or suspicious use of your SSN, name, address, or date of birth to obtain credit and some other services. They will alert you by text, email, or phone if any are found. These alerts are interactive and require your response to verify that they could indicate that your identity is being hijacked.

LifeLock Standard Plan

The alerts provided by the standard plan include the following:

  • Your personal info on service and credit applications – These alerts provide you some measure of financial identity theft security by letting you guard against fraudulent credit applications made using your personal information. Opting out of pre-approved credit offers helps you to monitor this.
  • Your personal information on the Dark Web – Alerts generated by scanning thousands of Dark Web sites for the existence of your PII can warn you to increase your vigilance as your risk of identity theft has increased substantially. You should probably have a 7-year fraud alert placed with the credit bureaus and consider placing a freeze on them. LifeLock agents can help you analyze your risk, present options, and recommend actions to help you monitor this more closely.
  • A request to change your address – Knowing that someone may be trying to change your address without your knowledge can alert you to possible financial identity theft, tax identity theft, medical and insurance identity theft as well as others as this is generally the first step in many types of identity theft.
  • Fake personal information connected to your identity – This can alert you to the possibility that someone is trying to use your SSN to secure a new identity. This new identity can then be used to establish new financial, medical, and authoritative documentation. Since they are using your SSN, many of these can interfere with and confuse others as to your true identity.

As you can see, even the LifeLock Standard Plan can provide some basic protection against many forms of identity theft. It provides a lower cost option for those whose finances may not require or support a higher level of identity theft monitoring. LifeLock Standard also includes credit monitoring through one bureau.

As some others have pointed out LifeLock uses Equifax as its primary bureau for credit monitoring. Given Equifax’s recent data breach, this might be a concern for some readers. To address this LifeLock has stated that none of their shared information was involved in the recent breach. Nonetheless, they are monitoring the current investigation and awaiting its conclusion. At which point, they will examine their shared Equifax data and take any steps necessary to ensure its continued security.

Visit LifeLock

LifeLock Advantage Plan

The LifeLock Advantage Plan provides all of the alerts of LifeLock Standard, along with the following extras:

  • Your personal info on criminal arrest and court booking records – LifeLock scans are expanded to include arrest and court records for your name and date of birth. This allows you to see if someone is using your PII to commit some form of criminal fraud and take steps to correct this before authorities come looking for you when the criminal fails to go to court.
  • Large-scale breaches – You will receive alerts when new breeches occur so that you can make sure that your PII was not compromised in one of them.
  • Cash withdrawals, transfers and large purchases from your credit, checking and savings accounts – By providing information regarding you account credentials, LifeLock will be able to monitor your existing accounts and alert you of transactions that it considers suspicious. This can allow you to not only monitor when someone tries to create new accounts in your name but also monitor existing ones.

For those who have more financial resources, the LifeLock Advantage Plan may be a better choice as it increases the scan coverage from that offered by their standard plan. This allows LifeLock to provide you extra protection against different forms of criminal identity fraud. It also increases your protection against SSN, financial, and other forms of identity theft. LifeLock Advantage members also receive credit monitoring through one bureau (Equifax) and receive an annual credit report and score from them.

LifeLock Ultimate Plus Plan

The LifeLock Ultimate Plus Plan includes all of the alerts of the two lower level plans along with extra monitoring and alerts for the following:

  • New bank account applications with your personal info – Scanning and monitoring is expanded to look for the creation of new checking and savings accounts across the United States.
  • Takeover or new name added to your bank accounts – LifeLock monitors your existing accounts for takeover attempts or the addition of unauthorized names added to them.
  • Investment/401(k) account activity – Monitor the accounts that you have created over a lifetime against tampering. This can alert you to fraudulent withdrawals, balance transfers, or other transactions.
  • Your personal info on file-sharing networks – Monitoring and alerts will be expanded to include the use of your name, SSN, date of birth or contact information on common video, audio, photo, and file-sharing websites. This can alert you to someone using your identity to obtain these goods or posting media in your name.
  • Your name on the Sex Offender Registry – This can let you know if your name has been erroneously added to this registry so that you can immediately begin procedures to have it removed. This could be very hard to accomplish as names added to this registry are on it for life and having a LifeLock trained agent to help you remove your name could be essential.
  • Priority member support – You will receive priority access to support agents for your questions.

The LifeLock Ultimate Plus Plan provides the best overall protection against all forms of identity theft but it is also the most expensive. Therefore it is the best plan option for those whose finances and lifestyle require it. Person(s) who have the main fiduciary responsibilities for your family are a good candidate for this extra identity theft protection. Members also receive credit monitoring of Equifax, Experian, and TransUnion, as well as, annual credit reports and scores from each. Additionally, you will also receive monthly credit scores from Equifax.

Auxiliary LifeLock Identity Fraud Protection Plans

Once you have a primary LifeLock account, you can elect to purchase two types of auxiliary plans: LifeLock Junior for your children and LifeLock Senior for your parents.  This will allow you to protect and monitor the identities all of your family members.

LifeLock Junior Features

  • LifeLock Identity Alert System
  • Stolen funds reimbursement
  • Service guarantee for lawyers and experts
  • Black market website surveillance
  • Credit file detection
  • File-sharing network searches
  • Lost wallet protection
  • Identity restoration support
    Price: $5.99/month or $65 annually

Most of these have previously been explained so they will not be repeated here. Of particular note are credit file detection which is often a sign that your child’s identity has been compromised. The addition of file-sharing network searches is also of note because children often use such sites to download music and other media.

The last auxiliary plan is LifeLock Senior. Subscribing your parents up for this plan will allow them, as well as, you to monitor their PII alerts. Their permission will be necessary to set this up. This can allow you to respond to alerts in their stead and help guard them against identity theft.

LifeLock Senior Features

  • Member support & U.S.-based restoration team
  • Bank & credit card activity alerts
  • Bank account takeover and new account alerts
  • Investment/401(k) account activity alerts
  • Home title monitoring
  • Address change verification
  • Black market website surveillance
  • Lost wallet protection
  • LifeLock Identity Alert System
  • Data breach notifications
  • Fictitious identity monitoring
  • Court records scanning
  • Reduced pre-approved credit card offers
    Price: $19.99/month

Not surprisingly, this account has many of the features found in the Ultimate Plus membership with the addition of home title monitoring. Their home is oftentimes a major asset for parents of adult children and therefore a major target of those with criminal intent. Being able to monitor it for liens, loans, or other title changes can be essential for protecting the finances of older individuals.

LifeLock Mobile App

Lifelock also has a mobile app for both Android and iOS devices.  The Android app requires Android 4.2 and up. The iOS app is compatible with iPhone, iPad, and iPod touch running iOS 9.3 or later. Downloading their mobile app will allow you to monitor and respond to your LifeLock alerts directly from your phone. If you do not yet have an account, you can use the app to sign up for one. The app will let you directly monitor all of the accounts covered by your membership level from the palm of your hand. LifeLock App features include the following:

  • LifeLock Identity Alert System will send alerts directly to your mobile device.
  • The app will allow you to respond to fraud alerts immediately.
  • You can contact LifeLock protection agents if you notice suspicious activity.
  • You can contact LifeLock Member Services with in-app calling.
  • Advantage users can easily access credit information with your annual credit score.
    Ultimate Plus members see credit scores from all three credit bureaus and are able to track month-to-month changes to their credit information.

Visit LifeLock

Brief History of Major Breaches

Now let us look at why we think everyone needs to have some form of protection against identity theft.  We illustrate this by examining some to the biggest data breaches. Next we will show that these breaches are expanding in scope and this trend is expected to continue.

Major US Data Breaches

  • Equifax, 2017
    Accounts compromised: 143 million
    Taken: names, SSNs, birth dates, street addresses and some driver’s license numbers
    Occurred: Mid-May to July 2017
    Disclosed: September 7, 2017
  • FriendFinder, 2016
    Accounts compromised : 412 million
    Taken: User data and poorly protected passwords, released in cybercrime forums
    Occurred: Mid-October 2016
  • Experian September 2015
    Accounts compromised: 15 million
    Taken: name, address, SSN, date of birth, identification number (typically a driver’s license, military ID or passport number)
    Exposed: October 2015
  • Anthem, December 2014-2015
    Records compromised: 80 million patient and employee records
    Exposed: names, dates of birth, Social Security numbers, email addresses, employee income data
    Disclosed: January 2015
  • Ashley Madison, 2015
    Accounts compromised: 33 million
    Taken: email addresses, first and last names and phone numbers
  • eBay, 2014
    Accounts compromised: 145 million including personal information.
    Taken: customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth
  • JPMorgan Chase, 2014
    Accounts compromised: 76 million households and 7 million businesses
    Taken: usernames, addresses, phone numbers and email addresses
    Affected: Sensitive financial and personal information of 76 million households and 7 million small businesses.
  • Home Depot, 2014
    Accounts compromised: 56 million credit card accounts and 53 million email addresses
    Taken: 56 million credit card accounts and 53 million email addresses
  • Yahoo, 2014
    Accounts compromised : 500 million
    Taken: real names, email addresses, dates of birth and telephone numbers, and protected passwords hashed with Bcrypt
    Disclosed: September 2016
  • Yahoo, 2013
    Accounts compromised: one billion
    Taken: names, dates of birth, email addresses, security questions and answers and weakly protected passwords.
    Disclosed: December 2016
  • Target Stores, 2013
    Records compromised: 110 million
    Taken: 40 million credit/debit card numbers plus full names, addresses, email addresses and telephone numbers of 70 million customers
    Disclosed: December 2013 and January 2014
  • LinkedIn, 2012
    Accounts compromised: 165 million (Disclosed in 2016)
    Taken: user information and poorly protected passwords
    Disclosed: 2012 but indicated only 6.5 million accounts affected
  • Global Payments Inc., 2012
    Accounts compromised 1.5 million card accounts.
    Taken: credit/debit card data
    Cost: The company reported that the breach cost more than $90 million.
  • Sony online entertainment services, 2011
    Records compromised: 102 million
    Taken: login credentials, names, addresses, phone numbers and email addresses and some credit card data
    Disclosed: 2011
  • Tricare, 2011
    Data compromised: about 5 million Tricare military beneficiaries.
  • Citibank, 2011
    Accounts compromised: 360,000 credit card holders.
  • Heartland Payment Systems, 2008-2009
    Records compromised 130 million
    Taken: Credit card information processed for over 250,000 businesses
    Disclosed: 2009

Analysis of Data Breach Trends

Looking at these breaches, it is clear that major breaches have occurred nearly every year. What is more, these breaches are not always immediately disclosed. Some may not be discovered for years, as shown by the Yahoo breaches. Often times, those who have been breached like to tout that no credit information was taken. What many people fail to recognize is this is the simplest form of identity theft to mediate. Additionally, many of these breaches that tout this actually have data that is even more important to identity thieves. This includes SSNs, names, date of births, addresses, and drivers license numbers.

The public breach statistics collected by Gemalto, (a security risk assessment company) and presented by informatics graphics show that an increasing number of records are exposed each year. They have been keeping statistics on data breaches since 2013. According to them over 9 billion records have been lost or stolen since 2013. This works out to 60 records a second. Just in the first half of 2017 over 1.9 billion records have been exposed or taken or 122 records a second thanks to two major data breaches. These statistics don’t even include the recent Equifax loss of data from 143 million accounts.

These statistics also show that the three primary sources of these data breaches are malicious outsider (hacking/skimming/phishing), accidental/careless, and malicious insiders. Furthermore, the primary types of attack were identity theft, financial access, and account access. Another glaring deficiency pointed out by these statistics is that only 4% of all the breaches involved had even partially encrypted data. Finally, these statistics point to an increase in the number and scope of data breaches in the future. Data from the Identity Theft Resource Center point to the same conclusion.

Visit LifeLock

Anatomy of Credit Bureau Data Breaches

A lot is being written about the current Equifax data breach which potentially exposed the PII of 143 million American consumers. However this is not the first data breach associated with one of the major credit bureaus. Experian has had its share of security issues as well.

Experian T-Mobile Data Breach: 2015

On October 1, 2015, Experian in a news release admitted to a data breach of one of their business units but not its consumer credit bureau. They were quick to point out that no payment card or banking information was acquired. They did this because people associate this with meaning that the breach was not serious. Unfortunately, the data included PII for approximately 15 million T-Mobile consumers in the US, including those who applied for T-Mobile USA postpaid services or device financing from September 1, 2013 through September 16, 2015.

This data included names, dates of birth, addresses, and Social Security numbers and/or an alternative form of ID like a drivers’ license number, as well as additional information used in T-Mobile’s own credit assessment. They later amended alternative ID to include driver’s license numbers, military ID, or passport numbers. This information is nearly everything that an identity thief would need to impersonate an individual. What on the Dark Web is called a fullz and worth more when packaged with just a few more personal details, which they can often find from other sources.

Even though they downplayed the seriousness of the breach, their actions indicated that they knew it was more serious. They reported the incident to the proper agencies and started issuing mail alerts to those who they had the latest addresses for. They also offered all those affected two free years of their credit monitoring and identity resolution service. One year is usually what is provided. Additionally, they told those affected that they could place a free freeze on their credit with Experian. However, unlike the 90-day fraud alert, it would not be automatically applied to the other credit bureaus. They also warned that they would not interact personally with those affected and that consumers should be wary of those calling to request additional information from them.

Later they revealed that although SSNs and IDs were encrypted, they believed they had been compromised. Actions that they took to mitigate the breach seemed to confirm this. T-Mobile later shared that Experian took the following actions to prevent a similar event from occurring in the future.

  • Ensured web application firewalls are working as intended
  • Enhanced the security of their encryption keys
  • Limited authorized access to the server
  • Engaged both U.S. and international law enforcement and cybercrime authorities
  • Increased monitoring of the affected servers and associated systems

This is only a partial list of the remedies taken by Experian and the investigation seems to be ongoing.

Equifax Data Breach: 2017

On Sept. 7, 2017, US credit bureau Equifax reported a data breach that took place from mid-May through July. The breach compromised the PII of about 143 million users.

While this is not the largest breach in US history, it could be one of the worst in terms of identity theft risk. When asked how come they waited so long to notify the public about this breach, Experian’s response was similar to that provided by Experian in 2015. They stated that they first acted to stop the hacker. Then they got an independent forensic evaluation of the breach and its scope. After this complicated process, they started notification of those affected.

The investigation seemed to indicate that the unknown intruder had used the Apache Struts bug to gain access to their system. For those not familiar with it, Apache Struts is a widely used free, open-source framework that many Fortune 500 companies used to create Java applications for the Web. When first discovered back in March, the Apache Struts CVE-2017-5638 vulnerability was considered a zero-day exploit. This meant it could be attacked because no patch for it had been created yet. Their were instances of this vulnerability being taken advantage of by malicious third parties. The owner created a patch for it on March 6 and released it for everyone, along with a strong recommendation that they apply it as soon as possible.

Like many recent breaches, Equifax failed to implement the security basics (patch installation). Equifax for unknown reasons chose not to apply the patch to their system in the intervening two months and ultimately the public paid the price for their decision. Subsequently, criminals obtained names, Social Security numbers, birth dates, street addresses and, in some instances, driver’s license numbers. You may recognize that this is similar to the data obtained by those that hacked Experian in 2015. You may also remember that this is all that an identity thief would need to set up shop and commit various forms of identity fraud.

In addition to this breach, their are reports of a previous unreported breach in March that was mitigated. This makes us wonder why they did not monitor their system better after this initial breach. The FTC is also investigating some suspicious stock trades in this period. This investigation is ongoing.

As a result of this situation, Equifax placed a page on their site where you can enter your last name and last six digits of your SSN to see if your data may have been in this breach. Regardless of whether your data was compromised, the company is offering everyone with a US SSN one year if their TrustedID Premier service. Additionally they were allowing everyone to place a free freeze on their credit information. They have faced some criticism about the problems that people were having while trying to take advantage of these offers due to the increased volume of applicants.

To address this, Paulino do Rego Barros Jr., their interim CEO, has created an Wall Street Journal opinion piece to address this. In it, he discusses moving the organization forward and earning back the public’s trust. He says, he is sorry for the issues consumers have had with their website. As a result, the deadline for applying for free TrustedID Premier and freezes has be extended to the end of January. He also says that by that time Equifax will have a a new service that will allow users to control their own Equifax credit information. It will allow you to lock and unlock your credit file at will. What is more the service will be free for life.

Visit LifeLock

What Happens to Your Data After a Breach?

So, what happens to your PII once it is taken? It is unlikely that the person who stole it will be the one who actually uses it to commit identity fraud. He may offer it for sale on one of the Dark Web sites that function as criminal marketplaces. But more likely, he will offer it to a broker who will act as a middleman and sell it on the marketplace in his stead. The broker may then offer it as is on the market site or he may add it to other data he has to increase its value. Either way, eventually it will end up on a site somewhere and the identity thief will eventually obtain it so that he can use it for his fraudulent activities.

A few things are common to these sites. The more stolen information they have, the more it is worth. Packages of PII on individuals are worth more than most individual pieces. These sites have middlemen who barter the transactions and make sure that both parties hold up their end, similar to the way eBay works. People who provide new useful data get good reputations and those who provide useless out of date data get bad ones. This is similar to the feedback you see on legitimate sites. If you have not realized it yet, these sites function basically like eBay for criminals. They are well organized criminal enterprises.

A review of some articles related to information sellers on the black market shows that credit cards with high limits and other information can still go for up to $20 but low value targets are only worth a few dollars. Health insurance credentials when packaged with other PII could sell for larger amounts, $20 or more. This accounts for the increase in attacks against healthcare industry targets. Fullz or complete packages of a persons identity have more value that most low value credit cards, $15. This is why breaches are becoming more sophisticated and going after higher profile targets like Experian, Equifax, JPMorgan, and others which have access to this package data. Tax data that is packaged with other PII can be worth even more.

LifeLock Review 2017: Conclusions

LifeLock has been in the identity protection business since 2005. They are committed to providing leadership on fraud protection and education. In 2012, they acquired ID:Analytics, a leader in enterprise identity risk management. By combining ID Analytics’ enterprise solutions and proprietary data capabilities with their consumer knowledge, LifeLock has developed a suite of services that can help protect you from identity theft. They recently became a part of the Symantec family so if you are a Norton customer, you can get a package deal for their services. Although LifeLock nor anyone else can guarantee that you will not be a victim of identity theft, they can make it easier for you to mitigate it if you do become a victim.

Lifelock services do three basic things to help protect you from identity theft or allow you to catch and stop it. This can limit its complications and make it easier to restore your identity. These services provide three levels of protection: monitor and detect, alert, and restore. Additionally, they provide funds reimbursement for out-of-pocket expenditures. Their LifeLock Privacy Monitor will help you to decrease your PII footprint on the Web by scanning for your info on search sites and providing information about opting out of them.

They also scan the Dark Web for your information and recommend actions to mitigate your identity theft risk if it is found. They can also monitor other aspects of your life as described in the descriptions of their three primary plans earlier in this LifeLock review. If any anomaly is found, they will alert you through their LifeLock Identity Alert System . This alert requires a response from you. Depending on your response, they will investigate further. If you are found to be a victim of identity theft, they will initiate the procedure to restore your identity and their million dollar guarantee kicks in.

What we liked most about the service:

  • They have plans for all levels of financial needs.
  • The 10% discount they are offering our readers.
  • 60-day money back guarantee.

Ideas to improve the service:

  • Add a combined family plan

They are currently offering a 10% discount on your first subscription term for their service, as well as, a 30-day risk free period. Additionally, they have a 60-day money back guarantee for yearly memberships. You should examine our review of their plans and choose the best one for your needs and test their suite of services for yourself.

Visit LifeLock