Avast reached a settlement with the FTC to resolve its investigation of Avast's past provision of Avast and AVG product data to its subsidiary, Jumpshot. Avast voluntarily closed its former subsidiary Jumpshot and ceased its data collection operation over four years ago, in January 2020. While we strongly disagree with the FTC's allegations and characterization of the facts, we are pleased to resolve this matter and we remain committed to our mission of protecting and empowering people's digital lives.
For specifics on the settlement, please see the FTC's information page here. Below you will find more information to help clarify questions you may have. If you have additional questions, please call 1.866.588.5089 or reply to the email you received.
How will I know if I've been impacted?
If you were a user of Avast Online Security; AVG Online Security; Avast Secure Browser; Avast Antivirus - Mobile Security & Virus Cleaner; Avast Free Antivirus; and Avast Premium Security between August 1, 2014, and January 30, 2020, your browsing data may have been shared with Jumpshot unless you opted out of having your data used for this purpose. Email notifications will be sent to U.S. users who have emails on-file with Avast and who may have been impacted.
Is my data currently safe with Avast?
Avast continues to take proactive measures to ensure that we safeguard our customers' data. Avast does not sell consumer data and the operational provisions of the settlement are consistent with the company's current privacy and security programs. Additionally, this was not a data breach, and data was not exposed to bad actors.
The email says that the data was not fully anonymized – what does it mean?
The data shared with Jumpshot was browsing data (for example, a URL you visited), with a timestamp and a unique identifier. Avast used patented, proprietary technology to prevent cross-customer reidentification, including stripping potentially identifying information from URL strings.
While the most common forms of personal data were stripped from the URLS (such as names, emails) in some circumstances personal information, such as a referral ID may not have been stripped.
The FTC acknowledges those efforts but alleges in some cases that the data was not sufficiently anonymized. Avast is not aware of any buyers of Jumpshot data that attempted to re-identify individual customers.
Can you share more about specific details of browsing history that was shared with Jumpshot?
Browsing data was collected from devices that had select Avast or AVG products installed during the time Jumpshot was in operation, unless the customer had opted-out from sharing this data. However, the browsing data was not tied to identifiable personal information.
The products involved were Avast Online Security, AVG Online Security, Avast Secure Browser, Avast Antivirus – Mobile Security & Virus Cleaner; Avast Free Antivirus, Avast Premium Security between August 1, 2014, and January 30, 2020.
What was the connection Avast had with Jumpshot?
Jumpshot was a subsidiary of Avast. Avast shut down Jumpshot in January 2020.
Do Jumpshot's customers still have my data?
Avast has notified that all customers of Jumpshot delete or destroy any remaining data acquired from Jumpshot.
Why was the data sold?
Jumpshot customers were businesses that purchased aggregated, deidentified browsing data for marketing analytics purposes.
What consent did you have from me to sell my data?
Avast and AVG terms and conditions for the products that supplied data to Jumpshot disclosed that browsing information would be de-identified and used for marketing analytics, with an opportunity to opt-out from this use of data.
- Avast Antivirus – Mobile Security & Virus Cleaner
- Avast Free Antivirus
- Avast Premium Security
- Avast Secure Browser
- Avast Online Security
- All supported platforms
Updated on: 11/07/2024