You’d think that few types of software are as reliable as some of the best antivirus programs out there, but it turns out that perceptions can be deceiving. Avast, one of the most recognizable PC antivirus solutions, was found to have secretly collected and sold user data to third-party companies over a period of six years.

After an investigation, the US Federal Trade Commission (FTC) fined Avast $16.5 million and prohibited it from doing so again in the future. Even if you weren’t using Avast, your data may still have been compromised, as there are many anti-virus software programs that all fall under the same umbrella.

According to FTC, Jumpshot, a subsidiary of Avast (which “voluntarily closed” in 2020), sold user browsing data to more than 100 different companies between 2014 and January 2020. The FTC also found that Jumpshot collected over eight petabytes (that’s 8,000 terabytes ) browsing data. The data included things that no antivirus should ever sell to companies, such as information about health and medical conditions, religious beliefs, political leanings, finances, and more.

when PCMag and Motherboard (Vice) Originally publishing an investigation into Avast selling user data, the company claimed the data was first stripped of identifying information before it was sold. However, Jumpshot also had deals with advertising companies such as Lotame and Omnicom, allowing them to match the data with their own sources, making it easier to identify individual users.

Samuel Levine, director of the FTC’s Office of Consumer Protection, said in a statement: “Avast promised users that its products would protect the privacy of their browsing data, but delivered otherwise. Avast’s bait-and-switch monitoring tactics compromised consumer privacy and violated the law.”

1. Avast promised users it would protect their browsing data from online tracking — but then did the exact opposite. @FTCIts action against Avast makes it clear that browsing data is sensitive and that companies that sell that data may be breaking the law.

— Lina Khan (@linakhanFTC) February 22, 2024

The FTC notes that Jumpshot earned “tens of millions in gross revenue,” all by selling data collected through Avast — and customers were never properly informed.

Not only did Avast fail to inform consumers that it collected and sold their browsing data, the company claimed its products would reduce online tracking,” according to the FTC. The software promised to block “annoying tracking cookies” that collected data about browsing activities, as well as protect user privacy.

Gen Digital, the company that owns Avast, also has a number of other products related to Internet and PC security. This includes Norton, Avast, LifeLock, Avira, AVG, Reputation Defender, CCleaner, Recuva, Speccy and Defraggler.

The company addressed the situation in a statement to PCMag, saying: “We are committed to our mission of protecting and empowering people’s digital lives. While we disagree with the FTC’s allegation and characterization of the facts, we are pleased to resolve this matter and look forward to continuing to serve our millions of customers around the world.” In addition to the $16.5 million fine and strict orders not to sell or license user data collected for advertising purposes, Avast will have to inform affected users that their data has been sold in the past.

Editors’ recommendations