VTech Electronics Limited has agreed to pay $650,000 as part of a settlement agreement with the Federal Trade Commission (FTC) for a 2015 breach that exposed millions of parents’ and children’s data.
On 8 January, the United States District Court in the Northern District of Illinois (Eastern Division) processed an action (PDF) by which the FTC will obtain $650,000 in monetary penalties from VTech, a Hong Kong-based electronic toys manufacturer.
The payment is part of a settlement agreement for a security incident that occurred back in November 2015 when an unauthorized party obtained VTech customer data housed in Learning Lodge, a platform which allows customers to download child-based games, apps, and other content. The breach, which VTech confirmed in a statement shortly thereafter, exposed the names, email addresses, encrypted passwords, mailing addresses, and other information of 4,833,678 parents who bought products from the company. It also compromised the names, genders, and birthdays of at least 200,000 kids along with photographs of the children and chats they had with their parents.
For expert commentary on the breach, listen here.
Lastly, the company misled customers about its use of encryption to protect their PII (Read more...)
This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security