Two Lawsuits Filed Against Lenovo Over Superfish Scandal

Lenovo's Superfish adware drew a lot of anger and criticism last week to the point where the software was immediately disabled and the company promised it would not upload it in future releases. Even with Superfish disabled and Lenovo's assurance that there were no vulnerabilities associated with the software, the effect on affected products is irreversible. In the wake of the incident, a class-action lawsuit was filed against Lenovo last week which could put the company in jeopardy.

The class-action suit, with blogger Jessica Bennett as the plaintiff, was filed at the U.S. District Court in the Southern District of California. Bennett claims that Lenovo invaded her privacy and made a profit by keeping track of her online browsing.

She initially noticed the problem when she wrote a blog post for a client's website with the website featuring spam ads "involving scantily clad women." Further investigation by Bennett on other websites showed more pop-up ads, which led her to believe her Yoga 2 was compromised or contained spyware. She eventually found the source on the Lenovo forums in the form of the company's Superfish software.

Superfish worked by placing ads in search engines and other websites without the user's permission. It also made secure connections vulnerable because of the company's own root certificate, which would replace a secure site's own certificate. Even though the software is now deactivated, those who had Superfish on their Lenovo devices are still vulnerable to hackers who can monitor user traffic and steal important banking credentials.

Another law firm also opened up a class action lawsuit against Lenovo and is encouraging customers to reach out if they want to participate. Both cases are still in their early stages, so the process could take some time before Lenovo gets its day in court. But with Lenovo potentially fighting a legal battle on two fronts, the company seems to be taking a turn for the worse, with the trust of customers slowly fading away.

Follow Rexly Peñaflorida II @Heirdeux. Follow us @tomshardware, on Facebook and on Google+.

This thread is closed for comments
    Your comment
  • thundervore
    And the lawsuits begin. I bet most of the people complaining about privacy invasion are freely giving this information away on Facebook, Twitter, Instagram and other social sites.

    Honestly, this will not put Lenovo in jeopardy. Major corporations who use Lenovo hardware wont care as they wipe the machines and place their own image on them and that makes up a bulk of their sales compared to the average customer buying a Lenovo laptop from Best Buy or Amazon.
  • Spoogemonkey
    These types of breach of public trust issues are very difficult to overcome in the eyes of consumers. As well they should be.

    You can do a lot of crazy <mod edit> as a company and get away with it. This isn't one of them.

    <Moderator Warning: Let's watch the language in these forums>
  • surphninja
    I support a number of users at the local district attorney's office that use Lenovos, and they are livid that so much confidential information could have potentially been compromised.

    I wonder how many other government agencies and corporate customers were potentially affected. The hammer is going to come down hard on them for this.