Electronic Toymaker VTech Settles for $650,000 With FTC Over Children’s Privacy Suit

Shannon Liao, reporting for The Verge:

The Federal Trade Commission said today that the electronic toymaker VTech Electronics has agreed to settle for a fine of $650,000, to be paid within the next seven days, after charges that it violated children’s privacy. The Hong Kong-based VTech is also the parent company of LeapFrog, a popular brand for educational entertainment for children.

The FTC alleges that VTech collected “personal information of hundreds of thousands of children” through its KidiConnect mobile app “without providing direct notice and obtaining their parent’s consent.” The personal information included children’s first and last names, email addresses, date of birth, and genders. VTech also allegedly stated in its privacy policy that such data would be encrypted, but did not actually encrypt any of it. […]

The settlement dates back to the 2015 data breach that VTech suffered. By November 2015, about 2.25 million parents had registered and created accounts on VTech’s platform for almost 3 million children. At the same time, VTech was informed by media that a hacker had accessed its computer network and children’s personal information.

$650K is a slap on the wrist for a company with billions of dollars in annual revenue.

Monday, 8 January 2018