Symantec hit with class-action lawsuit over auto-renewals
N.Y. man claims Symantec didn't tell him before charging his card, as 2009 settlement required
Computerworld - A New York man has sued security software maker Symantec for automatically renewing his subscription to Norton Antivirus, alleging that the company did not notify him before charging $76 to his credit card.
The lawsuit comes seven months after the New York Attorney General's office fined Symantec $375,000 for the practice and ordered it to give notice before renewing any subscription.
According to the lawsuit filed Jan. 19 in a New York County court, Kenneth Elan of Port Washington, N.Y., purchased a copy of Norton Antivirus in 2007. Early in November 2009, Symantec told him that it had automatically renewed his license to the software for one year, and charged his credit card $76.03. Elan said he had not been notified prior to the charge hitting his card.
Symantec's security software typically comes with a one-year license, which includes a subscription to new malware signature updates. When that initial signature subscription expires, consumers must renew to continue to receive anti-malware updates.
Many antivirus vendors enroll customers in automatic renewal programs when they purchase or activate the software, claiming that it's the only way to guarantee that users stay protected against new threats. Symantec started doing so in 2005, while rival McAfee began four years earlier.
But last June, New York Attorney General Andrew Cuomo announced that his office had reached a settlement with Symantec and McAfee over consumer charges that the companies didn't get users' approval to automatically bill them, and had made it difficult for customers to opt out or obtain refunds. Symantec and McAfee paid $375,000 each in penalties, and said they would clarify subscription renewal costs, and refund fees to consumers who asked for them within 60 days of being charged.
Symantec and McAfee also agreed to "provide electronic notification to consumers before and after renewal of the subscription," Cuomo's office said at the time.
The 2009 deal did not ban automatic subscription renewals, however.
Elan's lawsuit claimed that Symantec had not abided by the settlement. "Prior to the automatic renewal, defendant failed to offer plaintiff an opportunity to decline to renew the license for another year," the lawsuit maintained. "If plaintiff had notice of an opportunity to decline the automatic renewal, plaintiff would not have renewed the license."
Last July, Cuomo said the settlement with Symantec and McAfee meant that they could not longer "hide the ball with renewal fees."
Elan charged Symantec with deceptive business practices and unjust enrichment, and asked the court to make the company refund all fees generated by automatic renewals. He also asked the court to grant the lawsuit class-action status, which would open the case to a potential pool of thousands.
Symantec has not yet responded to Elan's lawsuit, according to court records.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts