The suit, filed at U.S. District Court in Chicago on Wednesday, claims WOW gave NebuAd Inc. virtually unlimited access to personal information of at least 330,000 people in Chicago; Evansville, Ind.; Detroit; Cleveland; and Columbus, Ohio.
NebuAd’s advertising system reportedly exploits normal browser platform security behaviors by forging IP packets, allowing its own JavaScript code to be written into source code trusted by the web browser.
Redwood City, Calif.-based NebuAd paid WOW for each person they spied on, and used the information to deliver customized ads based on people's Internet search preferences, the suit said. It also adds that WOW lied to Congress last year when it said that it had made an agreement with NebuAd.
WOW also lied to its customers by telling them that their personal information was safe, claiming in company literature that customers should be “rest assured that WOW does not and will not share personally identifiable information with any advertiser."
“Owing to WOW’s unique position as an ISP for a large consumer population, it was able to divert Internet traffic on a massive scale,” the suit said. “Assuming a single user from each of 330,000 customer accounts visited one website per day during a five-month period, the number of diverted incoming and outgoing communications would exceed 100 million.”
The suit demands that WOW hand over all the money it received from NebuAd for distribution to the class.
It also wants WOW ordered to delete all of its stored personal information, plus restitution and damages for invasion of privacy, unjust enrichment, eavesdropping and violation of the Computer Fraud and Abuse Act.