VTech and Equifax still on the hook for breaches

Back in 2015, the electronic toy manufacturer VTech suffered a particularly shameful data breach that exposed personal information for millions of people, including children.  Customers who registered for the company’s online Learning Lodge platform or its Kids Connect service had their information—190 GB worth of photos, chat logs, audio files and other tidbits—accessed by a hacker.  Fortunately, in this case the individual expressed no intention of using the data, only wanting to call attention to VTech’s vulnerability.

Nevertheless, the point was well taken.  The Department of Justice took legal action against VTech for violating online privacy laws, particularly for kids.  A settlement this week saw VTech agree to a $650,000 fine, which is a little paltry if you ask me, especially since VTech’s privacy policy back then gave a false guarantee about encrypting customer information.  Nor did the firm, as per the DOJ’s complaint, directly notify customers that it was storing their data, or get their consent in the first place.

At the very least, attention has been brought to VTech’s case, and they are still on the hook for the skin-crawling incident.

Nor has Equifax, that much more recent headline, been forgotten.  Also this week, the firm that neglected its way to a breach affecting more than 145 people must provide New York State regulators with any and all information pertaining to the breach.  This includes the agency’s plans to remediate the 8.4 million New Yorkers compromised, all “New York specific” data involved in the hack, and the total number of children younger than 16 who were affected.  This particular investigation falls under the purview of the New York Secretary of State, Rossana Rosado, but New York Attorney General Eric Schneiderman and the New York State Department of Financial Services are also conducting their own separate ones (as well as Schneiderman also introducing the SHIELD Act last year).  Clearly, Equifax still has a vast host of questions to answer, and rest doesn’t appear to be anywhere in its near future.


By: Jonathan Weicher, post on January 12, 2018
Originally published at:
Copyright: NetLib Security