Lawmakers press toymaker for hack details

Lawmakers press toymaker for hack details
© Getty Images

A bipartisan pair of lawmakers is pressing digital toymaker VTech for answers on how it collects and locks down children’s information after the company acknowledged that a hack had exposed over 6.3 million kids' data.

“This breach raises a number of concerns,” wrote Sen. Ed MarkeyEd MarkeyClimate progressives launch first action against Biden amid growing frustration Senate Democrats urge Google to conduct racial equity audit Senate climate advocates start digging in on infrastructure goals MORE (D-Mass.) and Rep. Joe BartonJoe Linus BartonRep. Ron Wright dies after contracting COVID-19 Biden's gain is Democratic baseball's loss with Cedric Richmond Bottom line MORE (R-Texas), who both founded the Congressional Privacy Caucus when Markey was still in the House and have long advocated for children’s digital privacy.


VTech has said the information exposed for children only included names, gender and birthdates. But 5 million parent accounts were also exposed in the intrusion, compromising mailing and email addresses, security questions used for password resets, IP addresses, passwords and download histories.

Security experts who have reviewed the data say the pilfered information on children can be linked with their parents’ data, thereby revealing the kids’ full addresses and other information.

Markey and Barton said these reports raise concerns about how VTech is complying with the Children’s Online Privacy Protection Act (COPPA), the major federal law dictating how companies must handle children’s digital data.

The pair noted that the COPPA requires companies such as VTech to obtain consent from parents before collecting data on their children. These firms also must “take reasonable steps” to protect this data.

In a series of questions, Markey and Barton pressed VTech to explain exactly how it obtained the data that was stolen, and what steps — such as encryption — it uses to lock it down.

The lawmakers have requested a response by Jan. 8.