Three Brands to Avoid on Cyber Week: Part 1—Lenovo

It’s Cyber Monday, and across the country millions of Americans are going online today for their holiday shopping. Experts anticipate a record-setting year, as more consumers take advantage of an abundance of virtual deals. Two days ago, Black Friday marked the second largest day of online spending ever for Americans, just shy of Cyber Monday last year.

Watch below: Roslyn Layton’s Guide on Companies to Avoid this Holiday Season

Consumer electronics like computers and smartphones will be at the top of the list for many, especially as families look to upgrade their devices to work and learn from home. But buyers should be careful that the “familiar” brand-name product they put under the tree is not a wolf in sheep’s clothing that could expose their personal data.

This week we will look at several brands thought of as proudly American-made that are, in fact, owned by the Chinese government. Today’s culprit—Lenovo laptops.  

Lenovo has become popular for its affordable, functional computer options. The company now controls about a quarter of the PC market. The manufacturer, a company backed by the Chinese government, owes its success to the acquisition of IBM’s laptop division.

But it is hardly the well-intentioned American company many consumers think it is. The U.S. Department of Commerce restricted Lenovo distribution after reports that the owner-company sourced materials from labor camps of Uyghur Muslims. Last year the Department of Defense issued a warning that the company’s hardware could pose a cyber-espionage risk.

Despite its ubiquity in homes and offices throughout America, Lenovo products have consistently failed to protect consumer privacy. This history includes the installation of spyware on laptops that tracked the online movements of users. The privacy violation affected hundreds of thousands of people and resulted in a multimillion-dollar settlement with the Federal Trade Commission in 2017.

More recently, Lenovo’s fingerprint scanner software was shown to potentially expose login-in credentials and fingerprints, making such data vulnerable to cyberattacks.