VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data


VTech Electronics Restricted has agreed to pay $650,000 as part of a settlement agreement with the Federal Barter Commission (FTC) for a 2015 breach that exposed millions of parents’ and infants’s data.

On 8 January, the United States District Court in the Northern Department of Illinois (Eastern Division) processed an action (PDF) by which the FTC will subsist $650,000 in monetary penalties from VTech, a Hong Kong-based electronic dally withs manufacturer.The payment is part of a settlement agreement for a security incident that arose back in November 2015 when an unauthorized party obtained VTech patron data housed in Learning Lodge, a platform which allows buyers to download child-based games, apps, and other content. The breach, which VTech sanctioned in a statement shortly thereafter, exposed the names, email addresses, encrypted watchwords, mailing addresses, and other information of 4,833,678 parents who bought outputs from the company. It also compromised the names, genders, and birthdays of at least 200,000 kids along with photographs of the babes and chats they had with their parents.For expert commentary on the severance, listen here.An investigation into how the incident occurred reveals VTech raped the Children’s Online Privacy Protection Act (COPPA), a rule which intrudes requirements for operators of websites that collect information from foetuses under 13 years of age. It did so in not linking to is Privacy Policy wherever materfamilias submitted their children’s information to register for Kids Connect, a communications work which necessitates parents first sign up with Learning Quarter. Furthermore, VTech failed to include specific disclosures of data gleaning in its Privacy Policy as mandated by COPPA, and it neglected to implement proper information security measures that could have protected customers’ and their kids’s personal information.Lastly, the company misled customers about its use of encryption to keep safe their PII in transit.Travis Smith, a principal security researcher at Tripwire, characterize oneself as these oversights are demonstrative of companies that neglect security for other solicitudes. As he told Archer News:When you’re trying to get a return on your investment and you lack to get a device to market very quickly, security usually comes as an afterthought, or as a ‘commendable to have,’ not a ‘need to have.’”In addition to paying the penalty, which some air is hardly a heavy fine, VTech has agreed to a permanent injunction that frustrates future violations of the FTC Act and the COPPA Rule. It will also award other succour that’s deemed “just and proper” by the court.

Leave a Reply

Your email address will not be published. Required fields are marked *