North Carolina Department of Justice
North Carolina Department of Justice
North Carolina Department of Justice
Submit this request

Attorney General Josh Stein Settles with Lenovo over Installation of Hacker-vulnerable Software on Laptop Computers

Release date: 9/5/2017


RALEIGH, N.C. – Attorney General Josh Stein today announced that North Carolina has settled with Lenovo (United States) Inc. to resolve allegations that the company violated state consumer protection laws by pre-installing software on laptop computers sold to North Carolina consumers that made consumers' personal information vulnerable to hackers.  The settlement was negotiated and finalized in coordination with the Federal Trade Commission and 31 other states.

“North Carolinians must be able to trust that the laptops they purchase are not leaving them more vulnerable to hackers,” said Attorney General Stein. “I will do everything in my power to keep people safe online. I am glad to see Lenovo taking action to prevent this from happening again.”
 
The total settlement amount is $3.5 million. North Carolina will receive $101,046.
 
In addition to the monetary payment, the settlement requires Lenovo to change its consumer disclosures about pre-installed advertising software, to require a consumer's affirmative consent to using the software on their device and to provide a reasonable and effective means for consumers to opt-out, disable or remove the software.
 
Lenovo is also required to implement and maintain a software security compliance program and must obtain initial and biennial assessments for the next 20 years from a qualified, independent, third-party professional that certifies the effectiveness and compliance with the security compliance program.
 
In August 2014, Lenovo began selling certain laptop computers that contained pre-installed ad software called VisualDiscovery, which was created by the company Superfish, Inc. VisualDiscovery purportedly operated as a shopping assistant by delivering pop-up ads to consumers of similar looking products sold by Superfish retail partners whenever a customer's mouse hovered over the image of a product on a shopping Web site. The states claim that VisualDiscovery displayed a one-time pop-up window the first time consumers visited a shopping website. Unless consumers affirmatively opted out, VisualDiscovery would be enabled on their computers.
 
###
 
 

Contact:
Laura Brewer
(919) 716-6484