LEAKY TOYMAKER VTech has settled with the US Federal Trade Commission (FTC) following a data breach that exposed the data of 6.5 million customers.
News of the hack on VTech, a Hong Kong-based firm that produces electronic devices for kids, first hit headlines in November 2015 after a hacker gained access to the company's systems using an SQL injection.
Subsequently, personal data was exposed, including photos of millions of children, chat logs, passwords, email addresses, IP addresses and download histories.
"In total 4,854,209 customer (parent) accounts and 6,368,509 related kid profiles worldwide are affected," VTech admitted at the time, noting that the bulk of victims were located in the US, France and the UK.
Naturally, the US Department of Justice (DoJ), on behalf of the FTC, brought a lawsuit against the company, alleging it violated US children's privacy laws by collecting personal information from children without providing direct notice and obtaining their parents' consent, and by failing to take reasonable steps to secure the data it collected.
The US Children's Online Privacy Protection Act (COPPA) requires that companies collecting personal information from children under 13 follow steps to ensure that the data is protected, including disclosing to parents the information they collect, how the information will be used, and seeking verifiable parental consent.
This week it was announced that VTech has agreed to pay a $650,000 fine as part of a settlement with the FTC. The firm is also "permanently prohibited" from violating COPPA in the future and from misrepresenting its security and privacy practices, and will be subject to independent audits for 20 years.
"As connected toys become increasingly popular, it's more important than ever that companies let parents know how their kids' data is collected and used and that they take reasonable steps to secure that data," said acting FTC chairman Maureen K. Ohlhausen. "Unfortunately, VTech fell short in both of these areas." µ