Global Navigation
Office of The Attorney General
The State of New Jersey Office of The Attorney General (Dept. of Law & Public Safety) The State of New Jersey NJ Home Services A to Z Departments/Agencies OAG Frequently Asked Questions
Services A to Z Departments/Agencies OAG Frequently Asked Questions
OAG Home
OAG Contact
spacer
Back to News Releases
OAG Home Attorney General's Biography
Attorney General's Biography
spacer spacer spacer
   
 
spacer spacer spacer
spacer spacer spacer
For Immediate Release: For Further Information:
September 5, 2017

Office of The Attorney General
- Christopher S. Porrino, Attorney General
Division of Law
- Michelle Miller, Acting Director
Division of Consumer Affairs
- Sharon M. Joyce, Acting Director
Media Inquiries-
Lee Moore
609-292-4791
spacer
Citizen Inquiries-
609-984-5828
spacer
spacer spacer spacer
spacer
Attorney General Announces $3.5 Million Multi-State Settlement with Lenovo over Hacker-Vulnerable Software
spacer
spacer spacer spacer
spacer
View Complaint I View Judgment
spacer
spacer spacer spacer
spacer

TRENTON – Attorney General Christopher S. Porrino announced today that New Jersey has joined with 31 other states in an overall, $3.5 million settlement with Lenovo Inc. that resolves allegations the technology company violated state consumer protection laws by pre-installing software in laptop computers that made users’ personal information vulnerable to hackers. The settlement was negotiated in coordination with the Federal Trade Commission.

“This is an important settlement for New Jersey consumers because it sets down a variety of conditions designed to ensure that, going forward, Lenovo will better protect the personal identifying information of consumers, be more transparent about what software is pre-installed on the products it sells, and provide consumers clearer and more accessible ways to opt out of having such software activated – or present on the machine at all,” said Attorney General Porrino.

In August 2014, North Carolina-based Lenovo began selling certain laptop computers that contained pre-installed ad software called VisualDiscovery, which was created by the company Superfish, Inc.

VisualDiscovery purportedly operated as a shopping assistant by delivering pop-up ads to consumers of similar looking products sold by Superfish retail partners whenever a customer's mouse hovered over the image of a product on a shopping Web site.

The states alleged that VisualDiscovery displayed a one-time pop-up window when consumers visited a shopping web site for the first time. Unless consumers affirmatively opted out, VisualDiscovery would then be enabled on their computers.

According to the states, VisualDiscovery operated by acting as a local proxy, or "man in the middle," that stood between the consumer's browser and all Internet web sites that the user visited, including encrypted sites. This technique allowed the software to see all of a user's sensitive personal information that was transmitted on the Internet. Consumer information-- including sensitive communications with encrypted Web sites-- would be collected and transmitted to Superfish.

The states alleged that Visual Discovery created a security vulnerability that made consumers' information susceptible to hackers in certain situations. The states also alleged that Lenovo's failure to disclose the presence of VisualDiscovery on its computers, its failure to warn consumers that the software created a security vulnerability and its inadequate opt-out procedure violated state consumer protection laws.

Lenovo stopped shipping laptops with VisualDiscovery pre-installed in February 2015, though the states contend that some laptops with the software were still being sold by various retail outlets as late as June 2015.

New Jersey will receive approximately $97,000 from the Lenovo settlement funds. In addition to monetary payment, the settlement requires Lenovo to change its consumer disclosures about pre-installed advertising software, require a consumer's affirmative consent to using the software on their device, and provide a reasonable and effective means for consumers to opt-out, disable or remove the software.

Lenovo is also required to implement and maintain a software security compliance program, and must obtain initial and biennial assessments of that program for the next 20 years from a qualified, independent, third-party professional.

“Regardless of the device we’re talking about,” Porrino said, “companies who make consumer technology such as personal computers and laptops have a duty not to compromise the personal information of consumers and have a duty to disclose the presence of any software that’s been pre-installed on the device. We are committed to protecting the privacy of New Jersey technology consumers, and will hold accountable any companies whose actions jeopardize that privacy.”

The settlement is not final unless and until it is approved by the court.

Deputy Attorney General Elliott M. Siebers, of the Division of Law’s Government and Healthcare Fraud Section, handled the Lenovo matter on behalf of the State.

Follow the New Jersey Attorney General’s Office online at Twitter, Facebook, Instagram & YouTube. The social media links provided are for reference only. The New Jersey Attorney General’s Office does not endorse any non-governmental websites, companies or applications.

spacer
spacer spacer spacer
spacer
 
News Index Page I top
 
Executive Assistant Attorney General
Attorney General's Message Ask the Attorney General
Contact OAG About OAG
OAG News OAG Frequently Asked Questions
OAG Library Employment
OAG Grants Proposed Rules
OAG History OAG Services A-Z
Statutes
OAG Agencies / Programs / Units
Other News Pages Otras Noticias en Español Division of NJ State Police Division of Law News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Gaming Enforcement News
NJ State Police News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Elections News Division of Gaming Enforcement News Office of Government Integrity News
   
Contact Us | Privacy Notice | Legal Statement | Accessibility Statement
NJ Home Logo
Departmental: OAG Home | Contact OAG | About OAG | OAG News | OAG FAQs
Statewide: NJ Home | Services A to Z | Departments/Agencies | FAQs
Copyright © State of New Jersey
This page is maintained by OAG Communications. Comments/Questions: email or call 609-292-4925
OAG Home OAG Home NJ State Police News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Elections News Division of Gaming Enforcement News Office of Government Integrity News Click to Enlarge Image Click to Enlarge Image Click to Enlarge Graphic Click to enlarge chart Click to enlarge map Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click on image to enlarge... Click on image to enlarge... Click to enlarge...Click to enlarge...Click to enlarge...Click to enlarge... Click to enlarge...