Lenovo and software partner Superfish have been offered a proposed settlement in a class-action suit, brought about by the installation of adware with a serious security flaw on Lenovo's laptops in 2015, which will see participants receive between $40 and $55 each.
Issues surrounding adware pre-loaded onto selected Lenovo laptops to boost revenue were raised back in 2015, not merely due to the presence of the adware itself - which Lenovo claimed was 'purely based on contextual/image [matching] and not behavioural [tracking]' - but more as a result of a serious security issue allowing the interception of supposedly-encrypted traffic and false validation of malicious software.
At the time, Lenovo claimed that it had 'thoroughly investigated this technology and [did] not find any evidence to substantiate security concerns;' this stance was quickly reversed when step-by-step instructions for exploiting the flaw were published leading Lenovo to pledge an end to adware and bloatware installations - a pledge which lasted all of five months. A 2017 ruling by the US Federal Trade Commission (FTC) would see the company dodge a fine in return for third-party security auditing.
While the FTC may have let Lenovo off lightly, its customers did no such thing: A class-action lawsuit was filed against the company, and Digital News Daily was the first to spot that a settlement has been proposed. Under the terms of the deal, Lenovo will pay $7.5 million - significantly more than the $3.5 million individual state settlements are estimated to have cost the company - while Superfish, the developer of the adware in question, will pay $1 million. For the class members, that translates to a $55 payout each - though those who have not yet joined the class have until March 25th to register, which could push the payment down to around $40.
The settlement offer is currently before a US District Court judge, who is expected to rule on it in mid April.
November 22 2019 | 13:00