VTech passes data breach buck to parents, claims no liability

Not long after a horrendous hack of VTech's unencrypted servers gave hackers access to photos of over 6.4 million children, VTech has absolved itself of all liability, instead asking parents to take the blame.

As per VTech's new terms and conditions, if any data stored in its servers is hacked or accessed illegally, the ones responsible will be those who put the data there and not VTech.

VTech, digital toymaker HACKED! 190GB of photos hacked into!

"You acknowledge and agree that any information you send or receive during your use of the site and any software or firmware downloaded therefrom is at your own risk.

"Recognising such, you understand and agree that ... neither VTech nor [its partners] or employees will be liable to you for any ... damages of any kind.

"You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorised parties," so says VTech's terms and conditions.

Considering that VTech isn't willing to offer any consolation in terms of strengthening its encryption practices or sharing responsibility in case of any data breach in future is alarming for millions of consumers.

Hello Kitty hack: 3.3m users impacted as hackers breach online community

VTech requires parents to put in headshots as profile pictures and the data it stores in its servers includes accumulated chat logs dating back to several years. This means that if you have an account with VTech, a future hack may not only compromise your pictures, but everything you've talked about with your children since you started using VTech's products.

"Protecting customer, partner and employee data is a business requirement. Imagine if all the medical history questionnaires you fill out at the doctor's office had a big warning on top saying: ‘If someone steals the information you provide here, it's your problem.' Or a store saying: ‘Feel free to use your credit card, but we're not responsible if someone figures out how to steal the number from our systems.' Would you still do business with them?" said David Gibson, a parent as well as VP of strategy at security firm Varonis to the Inquirer.

EasyJet, Chiltern Railways and Aer Lingus didn't encrypt credit card data, says security firm

VTech sells electronic toys, baby monitors and children's tablets and retains confidential information of parents as well as their children like names, email addresses, passwords, IP addresses, mailing addresses, download histories, gender and birth dates. As per the company, about 5 million customer accounts and details of children had been stolen by the hackers in December.

Leave a Comment