In November 2015, electronic toy manufacturer VTech’s company’s “Learning Lodge” app store was hacked, affecting five million customers, over half of whom were not adults. While the data breach did not didn’t reveal credit card data, social security numbers, or driver’s license IDs, it gave the hackers access to customers’ names, addresses, encrypted passwords, birthdays, and genders for kids.
On behalf of the Federal Trade Commission (FTC), the Department of Justice (DOJ) sued VTech for violating online privacy laws for children. This has been FTC’s first children’s privacy case involving Internet-connected toys. VTech had failed to directly notify the parents that they were storing users’ data, didn’t get parents’ consent to store the data, and failed to protect the data it acquired. Therefore, VTech violated the Children’s Online Privacy Protection Act (COPPA).
On January 8, 2018, VTech agreed to settle to the charges and will pay $650,000 as part of the settlement with the FTC. (Note that the $650,000 figure does not include any first-party costs incurred by VTech, such as forensics and remediation.) VTech must also implement a comprehensive data security program that will be audited every year for the next 20 years.
The VTech settlement stresses the importance of having strong data security practices that are regularly updated and reviewed, and shows that the FTC is up to the task of protecting consumers online. It also highlights the risk of collecting data on children and the importance of following COPPA compliance requirements as the Internet of Things market continues to grow. Smart toy sales are expected to reach $15.5 billion by 2022, up from an estimated $4.9 billion in 2017, according to a report from Juniper Research.
If your client’s company was in a similar situation, and had a cutting-edge cyber coverage, such a policy could cover a wide range of costs, including fines and penalties, victim notification, and forensics to repair the holes in the network that allowed hackers to access the data.
Cyber coverage is highly complex, and so are the needs of technology companies. Call us today for help placing the right coverage.