Lenovo Group Ltd. has reached a tentative $3.5 million settlement to resolve accusations that it had installed on some consumer laptops a type of ad-injecting software that could give criminals a way to steal consumers' personal information.
The Federal Trade Commission and 32 state attorneys general accused Lenovo of selling some 750,000 laptops, beginning in August 2014, with a software developed by another company, Superfish, that delivered pop-up ads from retail partners and made product recommendations based on websites visited. Lenovo had said the software was intended as a browser add-on that worked as a visual search engine to make shopping online easier.
Continue Reading Below
Consumers were considered to have "opted in" if they clicked on the pop-up's "X" close button or anywhere else on the screen, according to the FTC complaint.
Unbeknown to consumers, the software acted as a "man-in-the-middle," breaking secured connections, for example between a user's laptop and a bank's website. In addition, the adware, which used the same password on all the laptops, had access to all information users sent over the internet, including login credentials, Social Security numbers and medical information. Cybercriminals could easily exploit those vulnerabilities, security experts warned.
Lenovo said it disabled the adware and stopped installing it in early 2015, but the FTC said laptops with the adware's original version were still being sold through other retailers in June 2015.
Under the terms of the tentative settlement, Lenovo doesn't admit or deny the allegations. The agreement requires Lenovo to disclose to consumers how pre-installed advertising software works and seek permission to install it, along with a way to disable or remove the software. Lenovo is also required to put in place a software security program, subject to third-party audits for the next 20 years.
Write to Maria Armental at email@example.com
(END) Dow Jones Newswires
September 05, 2017 20:11 ET (00:11 GMT)