Avast CEO Ondrej Vlcek has publicly apologised for the endpoint security firm’s sale of user data via a subsidiary named “Jumpshot”, and said he will be terminating the programme immediately – after the news broke this week that it was mining and selling the data of its 400 million-plus users.
The apology and decision came three days after Vice’s Joseph Cox broke the news that the Avast antivirus subsidiary was selling data mined from endpoint using (described as “Every search. Every click. Every buy. On every site”) with clients having included Google, Microsoft, Pepsi and McKinsey.
Rival security firms were quick with excoriating comment when the news emerged. Among them was Sam Curry, Cybereason’s CSO, who described the practice as “misleading and frankly disgusting, adding: “Antivirus companies who get into the practice of data brokering cease to be security companies.”
“We are the watchers who are supposed to spot the spyware and the potentially unwanted programmes and make the calls, and to never, ever fall into that grey zone. It’s corrupt, and hiding behind a EULA won’t do it.
Avast CEO: Jumpshot Terminated with Immediate Effect
Avast CEO Ondrej Vlcek, who took on the role seven months ago, said: “I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.
Saying that the programme had always been GDPR-compliant and only collected data from those opting in, he added: “We started Jumpshot in 2015 with the idea of extending our data analytics capabilities beyond core security.
“This was during a period where it was becoming increasingly apparent that cybersecurity was going to be a big data game. We thought we could leverage our tools and resources to do this more securely than the countless other companies that were collecting data.”
Vlcek, who took on the role as CEO of Avast seven months ago, said he had spent spent a lot of time “re-evaluating every portion of our business.”
“During this process, I came to the conclusion that the data collection business is not in line with our privacy priorities as a company in 2020 and beyond.
He added: “While the decision we have made will regrettably impact hundreds of loyal Jumpshot employees and dozens of its customers, it is absolutely the right thing to do. I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy.”
Avast’s share price has tumbled this week since the news broke. Whether the move is enough to reassure OEM partners – many of whom ship hardware with Avast pre-installed – that trust can be restored remains an open question.
See also: Avast Hacked, Intruder Got Domain Admin Privileges
