Lenovo, the world’s second largest maker of personal computers, this week agreed to settle a complaint brought against it by 32 states, including Illinois.
NBC 5 Investigates first brought you the allegations against Lenovo in 2015, when consumers in private lawsuits accused the company of sabotaging its own customers. The Federal Trade Commission and state attorneys general then weighed on the same matter, going after Lenovo en masse. At the heart of their complaint, allegations Lenovo pre-loaded software called “Superfish” which effectively spied on a computer user’s keystrokes and formulated targeted ads to spit back at the user. This “man-in-the-middle” software allegedly created a security opening, into which hackers could walk and capture private information.
The settlement by the FTC and 32 states announced this week reveals enforcement action against Lenovo. No fines were levied, but the company does face a security compliance overhaul.
In response to the settlement, Lenovo said:
Today it was announced that Lenovo has reached settlements with the Federal Trade Commission (FTC) and a coalition of thirty-two U.S. states to resolve their concerns related to the third-party “VisualDiscovery” software that Lenovo preinstalled on certain consumer laptop products in late 2014 and early 2015. While Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years.
After learning of the issues, in early 2015 Lenovo stopped preloading VisualDiscovery and worked with antivirus software providers to disable and remove this software from existing PCs. (Those instructions can be found on the Lenovo website here.) To date, we are not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications. Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs, and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today.
Product security, privacy and quality are top priorities at Lenovo. We have a responsibility to deliver products and solutions that maintain the high standards we set for customer experience while also protecting the privacy, integrity, and availability of our customers’ data. For more information on Lenovo’s current and comprehensive approach to product security, please visit the Lenovo Security Vault at: http://www3.lenovo.com/us/en/product-security/landing.shtml.
Consumers who own Lenovo laptops can check their models here, along instructions on how to remove the software.