Tag Archives: VTech

VTech’s Totally Novel Cyber Security Solution

VTech, the Hong Kong based maker of kids toys, among other items (like phones), has a truly novel solution to the whole cyber security problem.  I am not sure why no one has come up with this as a solution before.

As a reminder, VTech announced a breach in November of last year of their Internet connected kids toys.  The toy maker encourages kids to sign up at VTech’s online properties and download apps and socially engage with other VTech (children) customers.  Since they are under 13, their parents have to be involved as well.

The result was that about 7 million kids had their information compromised as well as millions of adults.  Information taken includes names and addresses as well as secret questions (which are likely reused at other sites and tied to that person’s name and address), kids birth dates and other information.

So what is their novel answer?

Change the terms and conditions that no one reads to say that you acknowledge that information that you give them may not be secure and may be “acquired” by hackers.

Needless to say, this doesn’t solve any problem and likely doesn’t protect VTech, but more about that later.

What this does do for VTech is give them lots of media attention along with suggestions that parents don’t buy their products.  Certainly, there is some truth to the statement that voting with your pocketbook is something that companies understand.

One thing for them to consider.  There are laws in many countries, including the U.S., that require companies that collect non public personal information to protect it.  Adding a sentence to your user agreement does not absolve you from liability under those laws.

Also, the E.U.’s General Data Protection Regulation, recently approved and coming into force in early 2018 , has a strong incentive for VTech to NOT use this strategy.  Penalties under the GDPR for failing to protect consumer’s information including things like location data and IP address is up to 20 million Euros or 4% of a company’s annual revenue, whichever is GREATER.

So companies that think that changing their terms is a solution to their cyber security problems probably should reconsider that.


Information for this post came from Data Breach and The New York Times.

Merry Christmas – Is Your Child A Victim of Identity Fraud?

Now that Christmas has come and gone and your kids are actively playing with their new goodies, have you considered protecting their identities from fraud?

Two recent breaches bring the subject to the forefront.  VTech Holdings, the Hong Kong based toy maker offers an app store called Learning Lodge and messaging system called Kid Connect.  In November, after a journalist told them they had been hacked, they said that information on almost 5 million adults and 200,000 kids had been taken.  A few days later they revised that to 6.4 million kids.

This month, the toy maker Sanrio, who makes the Hello Kitty line of toys, among others, was hacked and exposed information on over 3 million customers.

In both cases the data was not encrypted, although since we don’t have details of the attacks, we do not know if encryption would have helped.  In the Sanrio case, the user’s passwords were not encrypted – that we know is a problem.

So why are kids especially vulnerable?  Because attackers know that parents do not look for identity fraud for their kids.  If someone assumes your kid’s identity, it is likely that you will not discover it.  In theory, an attacker cannot open a credit card in your kid’s name, if your kid is under 18.  In theory.  There are plenty of other kinds of fraud to consider.

In fact, according to the Tech Times article:

If an adult looking into getting a “free ride” for a few days, months or, worse, years, is able to obtain that clean slate and claim it as theirs, they can start using your child’s information to mask their own identities. They wouldn’t have much of a problem with getting caught too soon unless the parent decides to check up on their child’s record and discovers the anomalous activity.
The affected child could wake up many years later as an adult prepared to lead a responsible life only to find out they already have a bad credit score and incurred a huge debt.

For parents, this means monitoring what your kids are doing online, checking their credit reports and generally being observant. 

Just in case you think I am a member of the tin foil hat crowd, I am.  By the way, MIT did some research and discovered that for certain raido wave frequencies, tin foil hats actually increase the amount of radio waves absorbed, but I digress.  A quick Google search shows that even the Federal Trade Commission has a page on child identity theft (see here).

So while your kids play with their new toys, now is the time to start training them about identity theft.



Information for this post came from Techtimes and CNBC.