FTC Fines VTech $650K For Massive Data Breach and Violation of Child Privacy Law

Last Updated on December 26, 2019 by Danielle

InnoTab MAX

Toy company VTech fined for breach affecting hundreds of thousands of parents and children and violating Child Privacy Law.

Toymaker VTech was ordered and agreed to pay $650,000 in settlement charges to the Federal Trade Commission for violating privacy law. Evidently, the Hong Kong-based toy company stored data on more than 638,000 children without permission from parents or users and didn’t take required actions to adequately protect its database from hackers.

Reportedly, a hacker was able to breach data from VTech’s Learning Lodge apps back in 2015. Information on hundreds of thousands of children was readily accessible. This includes data such as photos, text messages, and audio messages. Email addresses, names, and gender information were stolen during the breach. This impacts VTech smart connected toys like VTech InnoTab tablets, MobiGo, V.Reader, Kidizoom Cameras, and Kidizoom Smartwatches with apps connecting to the Internet. Surprisingly, even though the breach occurred in 2015, it has not been until now that the FTC has actually taken action. Regarding this case, child advocates demand swifter action from the FTC regarding complaints, such as privacy violations.

Incidentally, this is not the first time smart internet-enabled toys have been hacked. This is an ongoing problem now with smart connected toys. You may recall back in December 2015, Mattel’s Hello Barbie was also compromised. Similarly, there were breaches for Cloud Pets and My Friend Cayla — both internet-connected toys. In the latter instance, German officials called for an all-out ban of the toy.

VTech was in clear violation of the 1998 Children’s Online Privacy Protection Act, which requires companies to inform parents and obtain their consent before collecting their child’s information online. Furthermore, the law requires companies to take the necessary actions to keep any collected information secure from hackers. VTech failed on both fronts but is making amends after the settlement.

In a statement from acting FTC chairman, Maureen Ohlhausen, she stated: “As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data”.

So what has VTech done to make amends? First, it has updated its privacy policies in compliance with privacy and security laws. VTech has also updated its data security policy and implemented robust measures to better protect consumer data. Finally, it has taken measures to comply with the Children’s Online Protection Act. Additionally, VTech will be subjected to periodic independent data and privacy audits over the course of the next 20 years.

The big takeaway is that parents need to be extra cautious when purchasing these internet-connected smart toys that are becoming increasingly popular. Clearly, even big toy companies like VTech were not taking the required actions to ensure our children’s privacy is protected according to establish laws even after all the previous violations. They’re taking shortcuts and now it’s costing them. Although they were fined, this honestly seems simply like a mere slap on the wrist. As parents, remember, we vote with our hard-earned dollars and can choose whether or not to purchase such toys if companies are not being socially and ethically responsible. This should serve as a wake-up call to all toy companies to step up their efforts in relation to child privacy and the FTC needs to hold toy companies accountable more swiftly and deliver far greater fines to propagate immediate desired action. At the end of the day, everyone stands to benefit from such action.

Parents – what do you think – was the $650K fine for exposing 638,000+ parents and children’s information sufficient in this case? What do you think about the delayed actions and response from the FTC? Sound off in the comments below. We’d love to hear your thoughts on this ongoing issue of child privacy in the toy industry. Clearly, it matters a great deal to us. When are we going to see REAL accountability and action?! Now we’re in 2018, it’s about time!

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Toy Buzz is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to (amazon.com, amazonsupply.com, or myhabit.com)