The FTC has reached a settlement with seven rent-to-own companies, and the developer of a tracking tool, which the agency said was used to violate consumer privacy. The problem stems from the tool itself, which used a “Detective Mode” to track computers that were stolen or behind on payments.
According to the FTC, software maker DesignerWare, LLC, collected the data that enabled rent-to-own stores to track the location of rented computers without consumers’ knowledge. The complaint says that in addition to a kill switch the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments; their software also had an add-on program known as Detective Mode that helped rent-to-own stores locate rented computers and collect late payments.
When Detective Mode was activated, the software logged keystrokes, took screen shots, and photographs using a computer’s webcam. Moreover, it presented a fake registration screen that tricked consumers into providing their personal contact information.
The damning part of the complaint however, is that the data gathered by DesignerWare and provided to rent-to-own stores revealed private and confidential details about the computer users. This includes information such as user names and passwords for email accounts, social media websites, and financial institutions; as well as Social Security numbers, medical records, private emails to doctors, bank and credit card statements, and webcam pictures of children, partially undressed individuals, and sexual activities.
“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC.
In addition to DesignerWare, The FTC also reached settlements with seven companies that operate rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase.
The settlements bar the companies from any further illegal spying, from activating location-tracking software without the consent of computer renters and notice to computer users, and from deceptively collecting and disclosing information about consumers.
A copy of the complaint can be seen here.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
