VTech will pay $650,00 to settle privacy breach charges that could have allowed hackers to gain access to data, including photos and audio files of children using the company’s electronic gadgets.
The data breach occurred in 2015, leading to the US Federal Trade Commission (FTC) to investigate and charge the toy company.
The FTC found that VTech had broken US laws governing the way data about children
is gathered and that it also failed to take reasonable steps to keep that data secure.
It is thought that the personal details of over 638,000 children were held on computer network servers, these were collected via VTech’s Kid Connect app, however, this was done without seeking the consent of parents nor were they inform how this data may be used. Data included the names of children, gender and an associated email address. The FTC found that it was possible for an attacker to collect this information.
The investigation also revealed that hackers could penetrate a database that held copies of encryption keys that would allow hackers to access photos and audio files uploaded by users.
In addition to the financial penalty, VTech has also pledged to uphold US child data protection laws in future and improve its security practices. For the next 20 years, the company will be subjected to regular independent data and privacy audits.