The FTC may have settled charges against Aaron’s over the use of DesignerWare LLC software, but the consumers haven’t. Crystal and Brian Byrd are still pursuing a lawsuit against Aaron’s and now there’s another lawsuit filed on behalf of another consumer by the same attorneys. As Associated Press reports:
Spyware installed on computers leased from furniture renter Aaron’s Inc. secretly sent 185,000 emails containing sensitive information _ including pictures of nude children and people having sex _ back to the company’s corporate computers, according to court documents filed Wednesday in a class-action lawsuit.
According to the filings, some of the spyware emails contained pictures secretly taken by the rental computers’ webcams or other sensitive information including Social Security numbers, social media and email passwords, and customer keystrokes, the Federal Trade Commission determined last year.
The attorneys also claimed Atlanta-based Aaron’s hasn’t properly notified at least 800 customers allegedly targeted by spyware made by DesignerWare, a company located in North East, Pa.
Read more on Public Opinion.
With respect to that last point, I went back and looked again at the consent order involving Aaron’s, and it appears that it contains no provision requiring notification of consumers whose images were transmitted. Could the consent order even require that if it allows the respondents to get away with not admitting any guilt or admitting to the facts of the case? Going forward, the FTC needs to consider whether consumers need to be notified of a privacy or data security breach and include some requirement that such notification be made.
Update: I see that ColorTyme is also being sued in another potential class action lawsuit. ColorTyme also one of the companies involved in the FTC’s case. The case files on them can be found here.