VTech Trying To Avoid Hacker Attack Liability

Hi folks!

The UK’s data watchdog states that VTech’s new terms and conditions that say families using its software did so at their “own risk” would not clear it off the liability in the case of future hacker attacks.

Following this, some security experts suggested parents to avoid these products. But the Toy Retailers Association has since said VTech remains “reputable”.

Last November VTech was alerted to the fact it had been hacked. They later confirmed that over 6.3 million children’s accounts and 4.8 million parent accounts had been compromised. The data exposed included Photos, voice messages, and chat conversations between the adults and their children.

Last month they restored Learning Lodge app management platform by hiring a security firm FireEye.

The software usage terms stated: “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorised parties,” it added. “Use of the site and any software or firmware downloaded therefore is at your own risk.”

“The Learning Lodge terms and conditions, like the T&Cs for many online sites and services, simply recognise that fact by limiting the company’s liability for the acts of third parties such as hackers,” a spokeswoman explained.

VTech only absolves itself of responsibility in so far as “applicable laws” allow it to do so and this wouldn’t be possible in the UK.

“If VTech did suffer another breach, some people might be dissuaded from bringing a claim because of the terms and conditions, or VTech might be trying to give themselves room to argue that they aren’t liable,” said Paul Glass from the law firm Taylor Wessing.

“But under European and UK law the obligation is on the company in control of the data to take appropriate steps to protect the information from unauthorised disclosure or access.”

“Even if VTech did try and argue that people were contractually prohibited from bringing a claim, it is a difficult position for the firm to take.”

Now VTech is in the process of taking over another hi-tech toy firm, Leapfrog

The Toy Retailers Association, which represents much of the trade, was more robust in its defence of the firm.

“VTech are and have been a reputable supplier of toys and [were] subject to an indiscriminate hacker…  Under the circumstances they have and will continue to take all reasonable precautions to protect their customers…But like everyone else a hacker does not play by any moral rule,” said the body’s chairman Alan Simpson.

Mark James from the cybersecurity firm Eset commented that  “No company can protect 100% against the possibility of being hacked, but taking sufficient precautions and ensuring a good level of security is maintained should be the fundamentals of any policy where users’ private data is being held…To shift ownership over to the users is bad enough in itself but to make it known through walls of text in T&Cs is a bad way to do it – no one honestly reads it, especially a parent trying to set up something for their children.”

“Our minors’ data should be ultra-important for any organisation and protecting that should be their number one priority. If voting with your feet is the best way to make them understand, then maybe that’s the right thing to do.”

Source: Akati

Comments are closed.