The U.S. Federal Trade Commission says it has reached a settlement with Hong Kong toymaker VTech, which in late 2015 exposed sensitive personal data for millions of children and parents because of a security vulnerability.
The BBC reported that VTech has also vowed to "to uphold USA child data protection laws in future", and has "agreed to improve its security practices and will be subjected to regular independent data and privacy audits for the next 20 years". It also compromised the names, genders, and birthdays of at least 200,000 kids along with photographs of the children and chats they had with their parents.
The company said in a statement that it agreed to the settlement to address issues that were resolved long ago and did not admit any wrongdoing. The hackers were also able to download about 190 GBs of photos from VTech's Kid Connect app - the images were reportedly head shots that the company lets users take and send through the chat app. "Parents should read a company's privacy practices, make sure that companies get their permission to collect their children's information and be aware of their other rights". The FTC also alleged that VTech did not use "reasonable and appropriate data security measures" to protect that data.
The commission added that the complaint brought against VTech, which is based in Hong Kong, and its US -based subsidiary is the first privacy case focused on "Internet-connected toys".
Firms are required to notify and obtain consent from parents of children under 13 when collecting such data in America, according to the Children's Online Privacy Protection Act.
JP Morgan Chase CEO Says He Regrets Calling Bitcoin a Fraud
More mainstream investors are exploring bitcoin after several exchanges started listing futures late a year ago . For months, the JPMorgan Chase CEO was one of bitcoin's most vocal high-profile critics.
News of the hack on VTech, a Hong Kong-based firm that produces electronic devices for kids, first hit headlines in November 2015 after a hacker gained access to the company's system's using an SQL injection. VTech also collected personal information from children when they used the Kid Connect app.
The FTC notes that as of November 2015, "about 2.25 million parents had registered and created accounts with Learning Lodge for almost 3 million children".
"We are pleased to settle this two-year-old investigation by the FTC", said Allan Wong, chairman and group CEO of VTech Holdings. Some of VTech's products allow children to record messages for their parents, which were retrievable over the internet. "Following the cyber attack incident, we updated our data security policy and adopted rigorous measures to strengthen the protection of our customers' data".
The FTC has pursued numerous cases alleging violations of federal privacy law over the years against developers of online games and apps. But it has drawn a skeptical response from some in the ed-tech community, who worry about what data will be collected and how it will be used.