The U.S. government is warning Lenovo users to remove the Superfish adware from their computers.

The "systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken," the Department of Homeland security said in an alert on Friday. "Starting in as early as 2010, Lenovo has pre-installed Superfish VisualDiscovery spyware on some of their PCs."

See also: How to get rid of Superfish adware on Lenovo computers

Lenovo has faced a scandal since news broke on Thursday that the company was preinstalling adware, called Superfish, on some of its consumer laptops. According to security experts, Superfish installs its own root certificate on computers, which makes it able to crack into HTTPS web connections. It also does this in a way that leaves windows open for hackers to potentially eavesdrop on secure web connections and steal sensitive data, including banking information.

Strangely, the U.S. government's Superfish timeline does not match up with the one provided by Lenovo. The company has said that it only preinstalled Superfish on laptops over the last few months. "The 2010 date is not accurate," Lenovo spokesman Brion Tingler told Mashable. "Lenovo has stated it preloaded this particular piece of software from Superfish starting in Sept 2014. Superfish has been around for years and its products have been available for download from sources other than Lenovo."

The U.S. government asserts that Superfish intercepts HTTPS encrypted connections using a "man-in-the-middle" attack. This could potentially compromise banking information and email accounts, according to the Department of Homeland Security.

Lenovo's chief technology officer Peter Hortensius denied to Mashable in an interview on Friday that Superfish breaks HTTPS connections. The software itself is not malicious, according to Lenovo. Rather, it is a flaw in the design.

"We have no evidence that Superfish itself is doing anything bad or malicious, but the reality is, the way that it’s constructed leaves itself open to doing something (malicious)," Hortensius said.

Security experts believe otherwise. Lenovo representatives are in damage control, attempting to quell a growing backlash.

Initially, Lenovo was hesitant to admit there were security risks caused by Superfish. The company has since backpedaled and now claims it is doing everything in its power to mend the problem.

When asked if Superfish posed a security risk to Lenovo users, Hortensius replied: "As currently implemented, yes, which is why we’re taking actions to remove it."