Former Exec Blows Whistle on LifeLock

      PHOENIX (CN) - A former chief information security officer claims in court that LifeLock fired him for objecting that it turned off or limited the number of alerts sent to its elderly customers to reduce the calls to its customer support center.
     Michael Peters sued Kim Jones, the chief information security officer for Peters' former employer; Cristy Schaan, the current chief information security officer for LifeLock; and LifeLock, in Federal Court.
     LifeLock sells security theft protection. It has been sued more than 80 times in recent years, according to the Courthouse News database, including a securities fraud class action brought by shareholders this month who claim the company failed to comply with a 2010 Federal Trade Commission settlement order. The FTC settlement stated that LifeLock has misled customers to believe they were receiving services that they were not; the news caused its share price to fall more than 6 percent.
     In his lawsuit, Peters claims he started an initial risk assessment for the company and uncovered "many instances of illegal and incompetent practices that constituted fraud against LifeLock's shareholders."
     Among his findings was a revelation by LifeLock employee Dave Bridgman that "LifeLock would turn off or reduce the services alerting elderly customers to reduce the call volume received by LifeLock's customer support center," according to the complaint.
     Peters says he found this fraudulent since LifeLock "sold its services to the general public without any disclosure that alert services would be limited for certain segments of the population."
     According to the complaint, LifeLock was finalizing a new product, PassLock, which "would be identified by most service providers as intrusive, illegal, illegitimate, and then blacklist the source address."
     PassLock was designed to "crawl" through the Internet to check a customer's username and password using a third-party cloud hosting business, without that party's knowledge.
     The cloud hosting service "would suffer significant business damage and LifeLock could face significant liability, thereby damaging its shareholders," Peters claims.
     The lawsuit claims LifeLock's shareholders would be damaged if there was a security breach because "LifeLock's internal capacity for governance implemented (policies, audit plan, change controls, architectural review, etc.) was at 47 percent of the minimum to protect LifeLock's customers and their sensitive information."
     Also, the company's "technological security readiness (intrusion prevention, data leakage, data encryption, access controls, physical security, etc.) was only at 27 percent of the minimum to protect LifeLock's customers," and its security vigilance was at zero percent of the minimum. (Parentheses in complaint.)
     Peters says he met separately with LifeLock's chief financial officer, Chris Power, and chief information officer, Rich Stebbins, to disclose the findings of his initial assessment, and the company fired him.
     He says LifeLock directed its in-house special counsel for labor and employment, Michelle Deutsch, to find grounds to fire him. Deutsch contacted Peters' former employer, Vantiv (formerly known as Fifth Third Processing Solutions), where she was incorrectly informed by an employee that Peters was fired, though he had resigned, Peters says.
     LifeLock employee defendant Cristy Schaan conducted her own private investigation of Peters's employment at Fifth Third Processing Solutions, and was told through an email by defendant Kim Jones, the chief information security officer at Vantiv, "all sorts of false and negative things about Peters," according to the complaint.
     LifeLock used Peters' statement on his employment application that he resigned to move with his wife, a member of the U.S. Army, and family to Georgia as cause to fire him, the lawsuit says.
     When Schaan found out LifeLock was close to firing Peters, she provided Stebbins with a copy of her email from Jones, the complaint states. Within 30 days of firing Peters, Schaan was appointed LifeLock's chief information security officer.
     Peters seeks damages for violation of whistleblower protections and defamation. He is represented by Michael Blair of Baird, Williams & Greer.