Lawmakers press toymaker for hack details

Lawmakers press toymaker for hack details
© Getty Images

A bipartisan pair of lawmakers is pressing digital toymaker VTech for answers on how it collects and locks down children’s information after the company acknowledged that a hack had exposed over 6.3 million kids' data.

“This breach raises a number of concerns,” wrote Sen. Ed MarkeyEdward (Ed) John MarkeyThere's a lot to like about the Senate privacy bill, if it's not watered down Trump administration drops plan to face scan all travelers leaving or entering US Advocates hopeful dueling privacy bills can bridge partisan divide MORE (D-Mass.) and Rep. Joe BartonJoe Linus BartonLongtime GOP aide to launch lobbying shop Katie Hill resignation reignites push for federal 'revenge porn' law Shimkus says he's been asked to reconsider retirement MORE (R-Texas), who both founded the Congressional Privacy Caucus when Markey was still in the House and have long advocated for children’s digital privacy.


VTech has said the information exposed for children only included names, gender and birthdates. But 5 million parent accounts were also exposed in the intrusion, compromising mailing and email addresses, security questions used for password resets, IP addresses, passwords and download histories.

Security experts who have reviewed the data say the pilfered information on children can be linked with their parents’ data, thereby revealing the kids’ full addresses and other information.

Markey and Barton said these reports raise concerns about how VTech is complying with the Children’s Online Privacy Protection Act (COPPA), the major federal law dictating how companies must handle children’s digital data.

The pair noted that the COPPA requires companies such as VTech to obtain consent from parents before collecting data on their children. These firms also must “take reasonable steps” to protect this data.

In a series of questions, Markey and Barton pressed VTech to explain exactly how it obtained the data that was stolen, and what steps — such as encryption — it uses to lock it down.

The lawmakers have requested a response by Jan. 8.