Privacy Class Action Alleges Lenovo Website Trackers Enabled Bulk Data Transfers to China
A proposed US privacy class action alleges Lenovo.com embedded extensive advertising and analytics tracking that enabled bulk transfers of Americans’ sensitive identifiers and browsing context to entities tied to China, potentially violating the Justice Department’s Data Security Program and its Bulk Sensitive Data Transfer Rule (28 C.F.R. Part 202). The complaint—filed in the US District Court for the Northern District of California by Almeida Law Group on behalf of a San Francisco resident—claims Lenovo’s web infrastructure used pixels, scripts, cookies, and real-time bidding components to collect persistent identifiers (e.g., IP addresses, advertising IDs/cookies) and “full-string URLs” that can reveal detailed user behavior.
The suit argues the DOJ framework was designed to prevent adversarial countries from acquiring large-scale behavioral data usable for surveillance or exploitation, and it cites thresholds and categories for “covered personal identifiers” (including device identifiers such as IMEI/MAC/SIM and advertising IDs). It alleges Lenovo’s site loaded numerous first- and third-party trackers from major ad-tech/analytics providers (including TikTok, Meta/Facebook, Microsoft, and Google) and that Lenovo knowingly permitted access to, or transfer of, bulk US sensitive personal data to “covered persons,” including entities allegedly under Chinese jurisdiction such as Lenovo’s foreign parent structure—claims Lenovo has not been shown to concede in the cited reporting.
Related Entities
Sources
Related Stories
Texas Lawsuit Alleging TP-Link Misled Consumers on Router Security and China Ties
Texas Attorney General Ken Paxton filed a lawsuit against **TP-Link Systems Inc.**, alleging the company deceptively marketed its networking and smart-home devices as secure and privacy-protective while the products were allegedly exposed to exploitation by **China-linked state-sponsored actors**. The complaint also asserts TP-Link misled consumers about product origin—promoting “**Made in Vietnam**” labeling while claiming manufacturing and development are dominated by **China-based subsidiaries and supply chains**, with Vietnam facilities described as performing largely final assembly. Texas further argues that TP-Link’s China-linked supply chain and alleged affiliations create national-security risk, including the possibility of compelled cooperation under Chinese data and intelligence laws. The state cited prior public reporting and research— including a **May 2023 Check Point Research** report tying **Camaro Dragon** activity to exploitation of **TP-Link firmware vulnerabilities**—as part of its rationale that the devices have been leveraged in campaigns targeting U.S. interests. TP-Link rejected the allegations, calling the lawsuit “without merit,” and stated it is an independent American company with core operations and infrastructure located in the U.S.
3 weeks ago
China-Linked Espionage Targeting U.S. Government and Technology Talent
U.S. authorities and researchers are highlighting **China-linked espionage** that increasingly leverages online recruitment and employment channels to access sensitive information. Reporting on recent federal cases describes foreign intelligence services posing as consulting firms, research groups, or recruiters to approach current and former U.S. government personnel—often starting via email or job platforms and escalating through staged interviews, fake websites, and payment offers—to solicit **classified or sensitive information**; multiple Justice Department actions in 2025 reportedly involved such virtual-first recruitment approaches. Separately, a former Google engineer, **Linwei Ding**, was found guilty of **economic espionage and trade secret theft** after prosecutors said he exfiltrated over 2,000 pages of confidential AI supercomputing documents (including TPU/GPU architecture details, orchestration software, SmartNIC networking designs, and internal system configurations) and uploaded them to a personal cloud account while maintaining undisclosed ties to China-based companies and engaging with a Shanghai-sponsored talent program. Broader context from CSIS’ long-running survey of Chinese espionage cases underscores that these incidents fit a sustained pattern since 2000 spanning both **human intelligence** and **cyber-enabled theft** targeting U.S. government and commercial technologies, while noting open-source case lists likely undercount the true scope.
1 months agoTexas Lawsuit Against Major TV Manufacturers Over Smart TV Data Collection
The Texas Attorney General has filed lawsuits against five leading smart TV manufacturers—Samsung, LG, Sony, Hisense, and TCL—alleging that their devices unlawfully collect and transmit users' personal data without consent. The lawsuits claim that these companies use Automated Content Recognition (ACR) technology to capture screenshots of what users are watching every 500 milliseconds, monitor viewing activity in real time, and send this information back to company servers. The data is then allegedly sold for targeted advertising purposes, raising significant privacy concerns, especially regarding sensitive information such as passwords and banking details that could be exposed. Texas is seeking damages under the Texas Deceptive Trade Practices Act, including up to $10,000 per violation and higher penalties for violations affecting seniors. The state also wants restraining orders to halt the collection, sharing, and selling of ACR data while the lawsuits proceed. Additional concerns have been raised about the potential for Chinese companies Hisense and TCL to be compelled to share U.S. consumer data with the Chinese government under China's National Security Law. The lawsuits emphasize that the collection of ACR data for advertising does not meet a consumer-necessity standard and constitutes an invasive breach of privacy.
3 months ago