Lenovo settles charges it sold laptops with compromised user security

This post was originally published on this site

WASHINGTON (Reuters) – Lenovo Inc, a major laptop maker, has agreed to pay $3.5 million and make changes in how it sells laptops in order to settle allegations it sold devices with pre-loaded software that compromised users’ security protections.

The agreement with Connecticut, the Federal Trade Commission and 31 other states was announced on Tuesday.

The software, called VisualDiscovery, was installed on hundreds of thousands of laptops beginning in August 2014 in order to deliver pop-up advertisements. The software also blocked browsers from warning users when they tried to access malicious websites.

The software was also able to access consumers’ sensitive information, like Social Security numbers, the FTC said. That information was not sent to Superfish, which sold VisualDiscovery, the FTC said.

“Lenovo compromised consumers’ privacy when it preloaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Lenovo said in a statement that it stopped selling the pre-loaded software in early 2015.

“While Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years,” the company said.

“To date, we are not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications,” the company said in an email statement.

As part of the settlement, Lenovo agreed to get consumers’ consent before installing this type of software, the FTC said.