SAN FRANCISCO/BOSTON (Reuters) - Online data tracking service comScore Inc siphons confidential information including passwords, credit card numbers and Social Security numbers from unsuspecting users, according to a lawsuit filed on Tuesday.
The proposed class action lawsuit, filed on behalf of two plaintiffs who downloaded comScore software, also says comScore scans all files on users' personal computers and modifies security settings, among other allegations.
The lawsuit against comScore, one of the leading companies that measures and analyzes Internet traffic, seeks an injunction against several alleged practices, as well as damages under U.S. electronic communications privacy laws.
ComScore collects data from people who get free software and chances to enter sweepstakes in exchange for their participation. It sells that information to more than 1,800 businesses around the world, including Best Buy Co, Facebook, Microsoft Corp and Yahoo Inc, according to comScore's website.
Concerns have surfaced about comScore's data collection practices in the past, though the complaint filed on Tuesday by Chicago-based law firm Edelson McGuire appears to be the first such legal action taken against the company.
The lawsuit says comScore's software scans all accessible files on a user's computer, as well as all files from other users on the same network, and transmits information about those files back to the company.
"We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies," said comScore spokesman Andrew Lipsman. "ComScore intends to aggressively defend itself against these claims."
Privacy advocates have grown more concerned about data collection, inadvertent or not, as people increasingly transfer tasks from shopping to banking onto the Internet.
Last year, Google Inc was criticized for its Street View cars, which roam city streets for mapping purposes, because they accidentally collected reams of data from open, unsecured Wi-Fi networks.
ComScore warns visitors to its premieropinion.com website that its software monitors all Internet activity, including filling a shopping basket, completing an application form or checking online accounts.
"We make commercially viable efforts to automatically filter confidential, personally identifiable information such as UserID, password, credit card numbers, and account numbers," the warning says.
"Inadvertently, we may collect such information about our panelists; and when this happens, we make commercially viable efforts to purge our database of such information."
In a 2008 blog post, comScore chairman Gian Fulgoni said the company obtains consent from people before installing data collection software, and that it does not disclose personally identifiable information to its clients.
ComScore data is routinely cited in media reports about consumer preferences and social networking website use, among other topics.
The company's biggest customer is Microsoft, which accounted for about 11 percent of the $175 million it took in last year. Media companies like News Corp are also clients, according to the lawsuit, as is Reuters parent company Thomson Reuters Corp.
The lawsuit does not accuse comScore clients of any wrongdoing. Best Buy, Microsoft and Thomson Reuters spokespeople declined to comment. Representatives for Facebook, Yahoo and News Corp were unavailable to comment.
According to the lawsuit, comScore attracts some users by advertising on websites. But the lawsuit also accuses comScore of using subsidiaries with innocuous names to disseminate its software and gain access to millions of consumers' computers and networks.
ComScore software is embedded in free screensavers, games and other applications without proper notice, according to the lawsuit, which was filed in a Chicago federal court.
Once downloaded, comScore software modifies a computer's firewall settings and gains full rights to access and change any file on the computer, the lawsuit says.
It is nearly impossible to disable the software once it is installed, the lawsuit says.
Jay Edelson, an attorney who represents the plaintiffs, said his firm began its investigation of comScore in July 2010.
"We retained multiple digital forensic firms, who each conducted dozens of independent tests," Edelson said.
The case in U.S. District Court, Northern District of Illinois, is Mike Harris and Jeff Dunstan, individually, and on behalf of a class of similarly situated individuals v. comScore Inc, case no. 11-cv-5807.
Editing by Ted Kerr and Robert MacMillan