If you fancy technology and you have small children, then you might have heard about the company named VTech Electonics. The main focus of this article is VTechKids.com.
VTech is an electronic toy manufacturer based in Hong Kong, which, according to the FTC, has violated children’s privacy. On the 8th of January, the company agreed to settle and pay a fine of $650,000. The money should be payed in the following 7 days.
Children’s privacy is ensured by the Children’s Privacy Act published in 1998.
All started in the year 2015 when a data breach leaked personal data of their users and the personal data of their children. According to Vtech’s 2015 Statement,
“VTech Holdings Limited today announced that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.”
“It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.”
On the bright side, in the same statement it has been mentioned that:
“In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).”
Nevertheless, personal information that included children’s first and last names, email addresses, dates of birth, and genders have been leaked. Soon after, Motherboard did an interview with the person that stole data ( images, chat logs, and even audio files).
“Frankly, it makes me sick that I was able to get all this stuff.” – Motherboard
Soon after the breach, the company altered their TOS:
“You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.” – VTech TOS – item no.7
Fast forward to 8th of January 2018, and according the FTC order, VTech has settled for a fine of $650.000.
According to the FTC’s complaint, VTech:
Furthermore, VTech has to implement a data security program that will face biannual independent audits that will span over a period of 20 years.
In Monday’s announcement of the VTech settlement, the acting FTC Chairwoman Maureen K. Ohlhausen said:
“As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data. Unfortunately, VTech fell short in both of these areas.”
Even though this was the first case against children’s privacy violations to be settled, since toys become more and more connected, I’m going to be it will not be the last one.
Can’t wait to see the a new app called “Smartphone Hide’n’Seek”.