Toy company fined for online data breach

Following disclosures in 2015, VTech – the toy company – has now been fined US$650,000 by the Federal Trade Commission for disgraceful and inexcusable lapses in security. That is not a huge sum for a company the size of VTech but I guess it is a shot across their virtual bows.

Here are some key extracts from the story.

“Not only was the website itself not secure, but the data were not encrypted in transit or at rest, contradicting security claims made in VTech’s privacy policy. This is not just poor practice, it’s a violation of COPPA, a rule meant to protect children’s privacy.”

“The number of parents and children affected is hard to estimate, but at the time nearly 5 million parent records and 227,000 child records were shown to be accessible (to hackers). However, the FTC in the summary of its investigation notes:

…about 2.25 million parents had registered and created accounts … for nearly 3 million children. This included about 638,000 Kid Connect accounts for children. In addition, about 134,000 parents in the United States created Planet VTech accounts for 130,000 children by November 2015…

And the Canadian Office of the Privacy Commissioner writes that “more than 500,000 Canadian children and their parents” were affected.”

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com