Skip to main content
close search
site logo
Dive Brief

Lenovo settles FTC dispute over preinstalled adware, to pay $3.5M fine

Published Sept. 5, 2017
By
Associate Editor
Adobe Stock

Dive Brief:

  • Lenovo agreed to settle charges with the Federal Trade Commission and a coalition of 32 states for giving customers preloaded "man-in-the-middle" software that pushed ads at the cost of security, the FTC announced Tuesday. As part of the agreement, Lenovo is required to implement a comprehensive software security program subject to third-party audits for 20 years. The company must also get customer permission before preinstalling such software and is forbidden from misrepresenting contents of preloaded product. Lenovo must also pay $3.5 million to the state coalition, according to an announcement from the office of Attorney General in New Jersey.

  • The FTC highlighted Lenovo’s case as a learning experience for other companies to remain transparent when handling consumers’ personal information, to oversee software vendors and to carefully weigh risks of security feature modification, as reported in an FTC blog post.

  • In a statement, Lenovo noted that the preloaded Visual Discovery software was removed in early 2015, shortly after it was unearthed in late 2014. The company has since put in place measures to limit preloaded software and reviews security and privacy policies.

Dive Insight:

In the past, Lenovo’s claim to fame was its dominance in the computer manufacturing industry, but with the PC market in decline, Lenovo is expanding its reach into new markets, such as data center infrastructure, AI and high-performance computing, hyperscale systems and other data center services.

Legally settling a PC issue that arose nearly three years ago — and one which Lenovo made the fixes for nearly two years ago — is significant. The debate over handling customer privacy and personal information has raged on for years and shows no signs of letting up.

Other companies have recently felt their fair share of FTC enforcement. In August, Uber settled its second FTC dispute after failing to adequately protect consumer data. Earlier this year, the FTC filed a complaint against an IoT manufacturer for also failing to put security measures protecting customer privacy in place.

Lenovo’s new legal commitments under the settlement are important for judicial purposes, but the company already dealt with the Visual Discovery software in 2015 and instituted long-term policies to improve security. Lenovo and Uber have both pledged to make the FTC-issued improvements, but the reality is companies often deal with the problems on their own long before regulatory bodies can hand down a sentence.

As the de facto watchdog of businesses’ data security practices, the FTC must set regulatory precedents for customer protections in modern tech, especially with so many companies in the cloud. Given the years-long lag between an incident occurring and a settlement being decided, agency regulations often struggle to keep pace with modern technologies.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell