The Federal Trade Commission says LifeLock did not set up a program to protect sensitive data like credit card numbers, Social Security numbers and bank account numbers, which the company agreed to do as part of the 2010 settlement.
The agency also says LifeLock didn't keep records it had agreed to maintain and has falsely advertised that consumers' data received the same level of protection as financial institutions get and that consumers would be alerted as soon as the company discovered a potential problem.
The FTC said Tuesday it asked a court to order LifeLock to provide redress to consumers.
In March of 2010, LifeLock agreed to pay $12 million and make changes to its business practices as part of a settlement with the FTC and 35 states. Most of the money was used to cover the cost of customer refunds. In court documents, the FTC says LifeLock violated parts of the order as recently as December 2014.
LifeLock says the FTC's actions and statements are related to past business practices and that it is prepared to defend itself in court. The Tempe, Arizona-based company says it has been co-operating and talking to the agency for a year and a half.
LifeLock Inc. shares tumbled 38 per cent to $9.91 in afternoon trading. Earlier the shares hit a two-year low of $9.60.
LifeLock said its revenue grew 25 per cent to $134 million in the first quarter and said it set a record for new member growth as companies and government institutions continued to report data breaches. It had about 3.9 million members at the end of the quarter. The company is forecasting $584 million to $590 million in revenue in 2015.
Company co-founder and CEO Todd Davis used to put his own social security number on business cards and company trucks to advertise LifeLock's $10 and $15 per month services. LifeLock went public in October 2012 in an IPO that priced at $141 million.