

Lifelock Once Again Failed at Its One Job: Protecting Data - crisnoble
http://www.wired.com/2015/07/lifelock-failed-one-job-protecting-data/

======
cam-
I worked at Lifelock. When Zappos had a breach in about 2010(?) my account was
one of the ones that gat caught up in that. So myself and another engineer
went over the Lifelock systems of the time and upgraded all the security
related to it.

We created a pluggable EJB library that could be used by any product inside
the company. We worked with infosec and the architect at the time to make sure
we used the best encryption mechanism, that keys were on remote locations and
that keys were encrypted.

I probably shouldn't put this info on the internet but I was proud of that
project as engineering did it off their own bat to increase data security.
Basically because we didn't want to be Zappos.

It is possible that companies Lifelock have bought since then or third party
apps are not up to par. But the engineering team in Tempe worked hard to make
sure PII/PCI data was protected.

