Interactive toy giant Vtech, which exposed the personal details of over 5 million customers and their children, is facing a major backlash after it quietly changed its terms to say that families using its software did so at their “own risk”.
The bumbling attempt to shift responsibility onto customers has already sparked a stiff rebuke from the Information Commissioner’s Office, which has confirmed that the onus remains with the company to ensure customer data is secure.
The ICO is still investigating the December breach of Vtech’s Learning Lab app that saw the details of more than 727,000 British children stolen.
And now it has emerged that both Argos and John Lewis are demanding answers from the firm, which markets some of the most popular interactive toys on the market.
“The security of our customers’ personal data is of the utmost importance to us,” Argos told the BBC. “We are aware of the story relating to VTech and we are in conversations with them to learn more before taking any action.”
John Lewis added: “We are in active conversations with VTech around this issue.”
Some security experts have called for a mass boycott of the Hong Kong-based company’s products, although the UK’s Toy Retailers Association insists VTech remains “reputable”.
Following the breach, Vtech suspended its Learning Lodge app management platform and hired security firm FireEye. It relaunched the service the end of last month.
“The Learning Lodge terms and conditions, like the T&Cs for many online sites and services, simply recognise that fact by limiting the company’s liability for the acts of third parties such as hackers,” a spokeswoman explained. “Such limitations are commonplace on the web.”
5m customers hit as kids’ toy firm Vtech is hacked
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!