Surprise, surprise. A company has giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

It would be nice if people could spot this B.S. easily by now, but I'm guessing there are a lot that won't so let me spell it out. Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably don't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about id theft, just freeze your credit reports!

Todd Davis didn't post his social security number publicly because he thought his company could protect it. He did it as an advertising gimmick that netted him almost 2 million paying customers. At least, I have to assume that's what Todd's motivations were because I'm guessing he's not an idiot and knew his service wouldn't actually prevent ID theft. Even if he were, there have been so particularly telling clues recently such as:

1. Having his own identity robbed 13 times since the stunt began.
2. The 12 million dollar settlement with the FTC over false advertising relating to their gross misrepresentation of being able to prevent ID theft.

That's why when an employee's sensitive data showed up online, they worked to have it removed. No one should have their social security number posted publicly because the risk is too great. Unless of course you're the CEO of a company that charges $10/month to almost 2 million people and can afford any amount of ID theft you're hit with.

For those that are bad at math, that's 20 million a month income. Makes that $12 million settlement seem kind of inconsequential doesn't it?

I'm not surprised about the fine, just that it took this long. Of course, they'll just shrug it off and any other lawsuit so long as they make more money than they spend.

Sadly, by the time someone actually shuts Lifelock down (if ever), the people responsible for it will be so rich that it won't make any difference. But until then, we can feel a little happier knowing that there are some organizations that are making them pay for their dishonesty; although 12 million dollars is less than one month of Lifelock's income on their almost 2 million reported customers.

This totally made my day:

A Wisconsin college student filed a class-action complaint against Experian this week, claiming that the company's ubiquitous ads for FreeCreditReport.com led her to believe she could use the site to get a no-cost credit report.

Go figure! Someone believed that FreeCreditReport means you can get a free credit report? What are the odds!?

How this has gone on this long I'll never know. Even after 11,000 Better Business Bureau complaints the most that's been done to date was the very cool FTC spoof videos making fun of FreeCreditReport's TV ads where they did everything short of calling them crooks.

It's such an exquisite pleasure to watch this bogus company go down; let's hope this suit sticks.

Update June 2010:

It's probably been a month or two (or three or four) since this happened, but as a result of the lawsuit, the FTC has required them to put a giant banner on the top of their website saying essentially that they're full of it. Granted, the site should just have been shut down, but it's still nice to see.

Hard to sell your supposedly free reports now isn't it?

"If these companies want to say — or sing for that matter — that they are giving people free credit reports, then they can't charge people $15 a month, simple as that," Schumer said. "For years, these companies have said with a smile that they will provide a free credit report — even though the government already requires a credit report be provided for free every year – and then suddenly, months later consumers get a bill in the mail for their credit monitoring services. My plan would finally bust up this scam and give consumers some honest choices."

I can't really state this often enough. There's only one place to get free credit reports and that's

Freescore is that company that's been advertising with Ben Stein on TV and they've been at the same dirty tricks as all these bogus free credit score places. However, because of a blogger who posted that they're a "predatory bait-and-switch" and also pointed out that the parent company of Freescore is VERTRUE, INC who has a Better Business Bureau score of F for charging people unexpectedly and then hassling them to get their money back (quoted loosely from here).

Freescore decided to file a libel lawsuit that looks surprisingly bogus to Felix Salmon, a blogger at Reuters. Not only did they never accuse the blogger of posting anything false, but the only part of the post that could be considered libelous was a direct quote from Felix's blog in the first place!

Well, this nonsense is no surprise to anyone that's watched these companies taking people's money and providing nothing in return.

Remember, there is only one place to get free credit reports and that's

The police probably shouldn't have their keys hanging visible to the world.

The first main point to learn from this is that you have to be really careful when you walk around in public with identity badges or keys visible. They can be photographed at great distance and be duplicated at leisure (as in the example a while back where a researcher photographed a key on the ground from over 200 feet away and was able to make a working duplicate of it).

Second, he used a 3D printer to create the key from plastic instead of metal which was cheaper, easier and something most anyone can do (if they have or can get access to a 3D printer). It's worse because the key is plastic and won't trip a metal detector. But the issue that no one has talked about yet is the danger of the photo used to show off the key.

Here is the key, but something else important as well.

The person holding it (which I assume was the creator of the key) has fully visible fingers with ridge detail clear enough to possibly create a false fingerprint (just like he did with the key). In other words, by posting a photo showing his fingerprints, he may have just made the same mistake that the police did when they left their keys in the open to be photographed and copied.

Remember to always be careful when posting photos online.

If you signed up with Lifelock and are unhappy with their service or guarantee or just want further info on the class action you can contact David Paris at Marks & Klein, (732)-747-7100.

I almost wish I had signed up for Lifelock so I could get involved.

1) TJX is the parent company of several other companies including TJ Maxx. Each of those companies shared data with TJX creating a massive database (and a single target for the hackers).

2) TJX (and others) shouldn't have stored the credit card data in the first place and when they did, they should have used better security.

Though they'll blame "clever hackers" for the breach, the fault instead lies squarely with TJX who's business practice of storing credit cards against people's will along with negligent use of outdated wireless encryption (WEP) first created a giant target and then then left a gaping hole for the bad guys to bea able to go and get it.