The Federal Trade Commission is distributing nearly $15.3 million to consumers who were harmed by Avast's deceptive privacy practices, marking another significant enforcement action in the agency's ongoing efforts to protect consumer data rights.

The payments, totaling $15,299,000, will reach 103,152 Avast customers who filed valid claims following the FTC's enforcement action against the antivirus software company. Recipients are receiving their refunds through checks, PayPal, or Zelle payments based on the method they selected when filing their claims.

The enforcement action stems from allegations the FTC brought against Avast in February 2024. The commission alleged that the cybersecurity company used its browser extensions and antivirus software to collect, store, and sell consumers' browsing information without providing adequate notice or obtaining proper consent from users.

The core of the FTC's case centered on what regulators characterized as a fundamental deception about Avast's data practices. According to the complaint, Avast marketed its software by claiming it would protect consumers' privacy by blocking third-party tracking. However, the FTC alleged that while Avast blocked other companies from tracking users, it simultaneously collected detailed, re-identifiable browsing data from those same consumers and sold that information to third parties.

This practice created what the FTC described as a bait-and-switch scenario where consumers believed they were purchasing privacy protection but were actually having their data harvested and monetized without their knowledge. The browsing data collected by Avast included detailed information about users' online activities that could be linked back to individual consumers.

The case highlights growing concerns about how cybersecurity and privacy software companies handle user data. Many consumers turn to antivirus and privacy tools specifically to protect their personal information, making deceptive practices in this sector particularly problematic for regulators.

As part of the June 2024 settlement agreement, Avast agreed to provide monetary redress to affected consumers and accepted significant restrictions on its data practices. The company is now prohibited from selling or licensing web browsing data for advertising purposes, addressing the core conduct that prompted the FTC's investigation.

The refund distribution process offers multiple payment options to accommodate consumer preferences. Those who selected checks have 90 days to cash their payments, as indicated on each check. PayPal recipients must redeem their payments within 30 days of receipt. Zelle payments are deposited directly into recipients' bank accounts.

Consumers who have questions about their payments can contact the refund administrator, Rust Consulting, Inc., at 1-866-290-0165. The FTC also maintains frequently asked questions about the refund process on its website to help consumers navigate any issues with their payments.

The FTC emphasized important consumer protection reminders in connection with the refund distribution. The commission never requires people to pay money or provide account information to file a claim or receive a refund. This warning comes as scammers often exploit legitimate government refund programs to trick consumers into providing personal information or paying fees.

The Avast settlement represents part of a broader pattern of FTC enforcement in the privacy and data security space. In 2024 alone, FTC actions resulted in more than $339 million in refunds to consumers across the country, demonstrating the agency's active role in securing monetary relief for consumers harmed by illegal business practices.

The case also reflects the FTC's focus on companies that make privacy and security claims to consumers. As data privacy becomes an increasingly important concern for consumers, the commission has prioritized enforcement against companies that mislead consumers about their data practices, particularly when those companies position themselves as privacy protectors.

For the broader market, the Avast enforcement action sends a clear message about the FTC's expectations for companies that collect and use consumer data. The prohibition on selling browsing data for advertising purposes represents a significant business model restriction that other companies in the cybersecurity and privacy space are likely monitoring closely.

The FTC provides state-by-state breakdowns of refunds through its interactive dashboards, allowing consumers and researchers to track the geographic distribution of enforcement benefits. This transparency helps demonstrate the nationwide impact of privacy enforcement actions and provides accountability for the commission's consumer protection efforts.

Consumers affected by the Avast practices who have not yet received payments should verify they filed valid claims and contact the refund administrator if they believe they should have received compensation. The refund process represents a concrete example of how federal enforcement can provide direct financial relief to consumers harmed by illegal business practices.