Lawmakers press toymaker for hack details

Lawmakers press toymaker for hack details
© Getty Images

A bipartisan pair of lawmakers is pressing digital toymaker VTech for answers on how it collects and locks down children’s information after the company acknowledged that a hack had exposed over 6.3 million kids' data.

“This breach raises a number of concerns,” wrote Sen. Ed MarkeyEd MarkeyUS national security policy in the 117th Congress and a new administration OVERNIGHT ENERGY: Biden eyes new leadership at troubled public lands agency | House progressives tout their growing numbers in the chamber at climate rally | Trump administration pushes for rollback of Arctic offshore drilling regulations House progressives tout their growing numbers in the chamber at climate rally MORE (D-Mass.) and Rep. Joe BartonJoe Linus BartonBiden's gain is Democratic baseball's loss with Cedric Richmond Bottom line Lobbying world MORE (R-Texas), who both founded the Congressional Privacy Caucus when Markey was still in the House and have long advocated for children’s digital privacy.


VTech has said the information exposed for children only included names, gender and birthdates. But 5 million parent accounts were also exposed in the intrusion, compromising mailing and email addresses, security questions used for password resets, IP addresses, passwords and download histories.

Security experts who have reviewed the data say the pilfered information on children can be linked with their parents’ data, thereby revealing the kids’ full addresses and other information.

Markey and Barton said these reports raise concerns about how VTech is complying with the Children’s Online Privacy Protection Act (COPPA), the major federal law dictating how companies must handle children’s digital data.

The pair noted that the COPPA requires companies such as VTech to obtain consent from parents before collecting data on their children. These firms also must “take reasonable steps” to protect this data.

In a series of questions, Markey and Barton pressed VTech to explain exactly how it obtained the data that was stolen, and what steps — such as encryption — it uses to lock it down.

The lawmakers have requested a response by Jan. 8.