Avast FTC Fine: Antivirus Vendor Fined $16.5M For Data Sale
Avast, the famous antivirus software company, has been hit by a $16.5 million fine by the Federal Trade Commission (FTC). The Avast FTC fine was imposed after the FTC revealed that it had reasons to believe that the vendor was selling browsing data of its consumers to third parties.
The penalty may come as a surprise to many, given that protection of consumer data is what the company stands for. In this article, we’ll dive into the Avast FTC fine, and will shed light on why the FTC believes that the cybersecurity company is involved in unlawful sale of consumer data to third parties.
Avast FTC Fine Uncovered
Avast is not a new company, rather, its origin dates back to the 1980s. Many people might not be aware, but Avast started in Czechoslovakia when the Soviet Union still existed. As time progressed, the company went public and made its name in the world of cybersecurity.
Currently, Avast is offering different products in the cybersecurity space which are related to browser security, firewall, protection against viruses, anti-phishing, anti-spam, and other such services. In current times, the company has been one of the leaders when it comes to cybersecurity.
It was not too long ago when Avast researchers found that Adobe Acrobat was being used to distribute malware to people. The FTC says that Avast has been secretly selling browsing data of its customers to more than 100 third parties through Jumpshot, one of its subsidiaries.
FTC’s Chargesheet Against Avast
As per the FTC chargesheet, some of the third parties Avast has been accused of selling data to advertising companies, consulting firms, and data brokers. What’s more shocking is the FTC’s claim that the software company has been collecting user data since at least 2014. The user data which, according to FTC, was unlawfully sold to third parties included the following:
- Search queries by consumers
- URLs of the web pages visited by consumers
- Web addresses of the background resources
- Value of the cookies which are placed on a user’s device by third parties
Avast has been fined $16.5 million for selling browsing data because, according to an FTC release, the vendor has deceived its customers. The software company told its users that their information would be shared only in “anonymous and aggregate form,” however, it did not adhere to its promise, and neither did it ask for the consent of its consumers before sharing their sensitive data.
Beside the $16.5 million FTC fine, Avast is also being banned from selling or licensing its users’ data for the purpose of advertisement. In addition, other remediations also require Avast to:
- Inform the consumers who fell victim to the unlawful browsing data sale by Avast.
- Implement a policy to address the grave misconduct that was highlighted by the FTC.
- Ask its users for their consent before selling their data.
- Delete the data that was transferred to Jumpshot.
It’s worth mentioning here that the FTC recently banned OutLogic, formerly known as X-Social, for selling user location data. These measures necessitate that users must be aware of how their data is used online and that protocols pertaining to data security are being implemented.
Response By The Software Company
Responding to the Avast FTC fine, one of the company’s spokespersons said that although the company disagrees with the allegations, it had reached a settlement with the FTC to resolve the investigation related to Jumpshot. An expert from Avast’s statement reads, “We are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.”
Conclusion
Cybersecurity is one of the cornerstones of a safe user experience on the internet. The latest news of the Avast FTC fine has sent shockwaves among people who have been using the company’s products for a long time. This $16.5 million FTC fine underscores the need for effective cybersecurity measures that must be deployed to protect consumer data from unauthorized access and malicious use.
The source for this piece of writing includes articles in The Hacker News and Infosecurity Magazine.