Lifelock Wallet, a company whose business is to provide services to protect customers from identity theives, withdraws its app because its is not secure enough. Ouch!

May 20, 2014 |

Lifelock’s homepage says it all –Protecting Your Identity in an Always-Connected World Comprehensive identity theft protection from LifeLock helps safeguard your finances, credit and good name. In today’s always-connected world, that’s more important than ever.  The core of its business is data security.

In a post of 16 May Lifelock’s CEO explained that Lifelock’s mobile app is not secure.  Technically, it is not compliant with the payment card industry security standards.  The potential for a data breach was too great a threat to tolerate.  Accordingly the apps have been withdrawn and data deleted.

It is a salient example of why businesses must take as much care with developing their mobile apps as they do any other aspect of their data security architecture.  If anything the care should be greater given the additional potential threats in losing data, such as interception across unsecured wi fis.

In the Australian context a business, particularly a large operation whose core activity is data storage and protection, failing to be compliant with minimum industry standards relating to security would run the risk of breaching APP 11 at minimum.

The post provides

One thing I’ve learned in business and, for that matter, life is the importance of authenticity and transparency.

With that in mind, I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards. 

For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted in the app..

We also want you to know that this does not in any way affect LifeLock subscription identity theft protection services.

We have taken steps to delete all stored information for the mobile app from our servers. Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do. As a company dedicated to online security and safety, we are committed to doing everything we can to ensure those who trust us with their personal information can do so without question.

We believe the LifeLock Wallet provides services and functionality that users value, and we’ll be working to return a Wallet with the highest level of PCI compliance to users soon.

We know we’re asking a lot of our LifeLock Wallet users—to delete and go without this application for a period of time. I personally apologize for the inconvenience.

At the same time, I want to make sure that when LifeLock Wallet is available again, you’ll know that you can download it, provide your personal information and use it again with confidence—knowing that it’s backed by an industry leader that is committed to doing the right thing and taking care of its customers.

One Response to “Lifelock Wallet, a company whose business is to provide services to protect customers from identity theives, withdraws its app because its is not secure enough. Ouch!”

  1. Lifelock Wallet, a company whose business is to provide services to protect customers from identity theives, withdraws its app because its is not secure enough. Ouch! | Australian Law Blogs

    […] Lifelock Wallet, a company whose business is to provide services to protect customers from identity … […]

Leave a Reply