Toy Maker VTech Fined $650K For Failing To Protect Personal Data Of Children

Electronic toy maker VTech has reached a settlement with the Federal Trade Commission, with the company agreeing to pay a $650,000 fine for violating a U.S. children’s privacy law.

According to the FTC, VTech violated the law by “collecting personal information from children without providing direct notice and obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected.”

A complaint by the Department of Justice alleged that the company’s Kid Connect app collected the “personal information of hundreds of thousands of children” while VTech failed to notify parents or obtain verifiable consent from parents — a requirement under the Children’s Online Privacy Protection Act (COPPA). The FTC also alleged that VTech did not use “reasonable and appropriate data security measures” to protect that data.

VTech required parents to provide personal information before using the Kid Connect app or the company’s Planet VTech chat and gaming platform. That information included names and email addresses, as well as children’s names, birthdates, and genders. The company also collected personal information from kids who used the Kid Connect app.

Millions Affected

The FTC notes that as of November 2015, “about 2.25 million parents had registered and created accounts with Learning Lodge for nearly 3 million children. This included about 638,000 Kid Connect accounts for children.”

In November 2015, a hacker was able to access VTech’s network and found the personal data of parents and children, as well as children’s photos, recordings, and chat logs. Details on that breach can be found at Motherboard.

VTech also falsely told consumers that any personal data collected by the company would be encrypted, when that wasn’t actually the case.

Beyond the fine, VTech must implement “a comprehensive data security program, which will be subject to independent audits for 20 years.” The FTC also states that VTech is “permanently prohibited from violating COPPA in the future,” though one would hope that would go without saying.

(H/T TechCrunch)

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like and along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Trending News

Follow Us