Arizona Joins $3.5M Settlement After Installation of Hacker Vulnerable Software on Laptop Computers

Arizona Joins $3.5M Settlement After Installation of Hacker Vulnerable Software on Laptop Computers
Arizona Joins $3.5M Settlement After Installation of Hacker Vulnerable Software on Laptop Computers

Attorney General Mark Brnovich announced Arizona joined with 31 other states in a consumer fraud settlement with Lenovo Inc., the world’s second largest computer manufacturer.

Under the settlement, Lenovo resolves allegations that it shipped some of its laptops preloaded with adware that compromised security protections in order to deliver ads to Arizona consumers. Those compromised security protections allegedly made consumers' personal information vulnerable to hackers. The settlement was negotiated in coordination with the Federal Trade Commission. Arizona will receive $83,961 from the settlement.

In August 2014, North Carolina-based Lenovo began selling certain laptop computers that contained pre-installed adware called VisualDiscovery, which was created by the company Superfish, Inc. VisualDiscovery purportedly delivered pop-up ads to consumers of similar looking products sold by Superfish retail partners whenever a customer's mouse hovered over the image of a product on a shopping website. The states claim that VisualDiscovery displayed a one-time pop-up window the first time consumers visited a shopping website. Unless consumers opted out, VisualDiscovery would be enabled on their computers.

The states allege that Lenovo's failure to disclose the presence of VisualDiscovery on its computers, its failure to warn consumers that the software created a security vulnerability, and its inadequate opt-out procedure violated Arizona consumer protection laws.

Lenovo stopped shipping laptops with VisualDiscovery pre-installed in February 2015, though the states allege that some laptops with the software were still being sold by various retail outlets as late as June 2015.

In addition, the settlement requires Lenovo to receive a consumer's affirmative consent to using the software on their device and to provide a reasonable and effective means for consumers to opt-out, disable or remove the software.

Lenovo is also required to implement and maintain a software security compliance program and must obtain initial and biennial assessments for the next 20 years from a qualified, independent, third-party professional that certifies the effectiveness and compliance with the security compliance program.

The settlement is not final unless and until it is approved by the Pima County Superior Court.

This matter was handled by Assistant Attorney General Taren Ellis Langford.

If you believe you have been the victim of consumer fraud, please contact the Attorney General’s Office in Phoenix at (602) 542-5763, in Tucson at (520) 628-6504, or outside the metro areas at (800) 352-8431. Bilingual consumer protection staff is available to assist. Consumers can also file complaints online by visiting the Attorney General’s website at https://www.azag.gov/complaints/consumer.

BLOG COMMENTS POWERED BY DISQUS