VTech has reached a settlement with the Federal Trade Commission over the toy maker’s earlier mishandling of children’s personal data and a resulting 2015 data breach.
The settlement and preceding data theft incident serve to once again remind developers of the importance of complying with the Children's Online Privacy Protection Act (COPPA) and also ensuring that the security measures protecting personal data are up to snuff.
The $650,000 settlement resolves the FTC’s two-year investigation into the major data leak that saw the theft of personal information belonging to 5 million customers, including over 200,000 children.
The breach itself came in 2015 after a hacker was able to gain access to VTech customer data by breaking into the database for its app store Learning Lodge. That intrusion called attention to the data itself, which the Department of Justice and the FTC says was gathered without the explicit consent of parents and as such violated the COPPA.
VTech says it has since overhauled its data security policy, taken measures to strengthen the protection of customer data, and brought its collection methods inline with COPPA. As part of the agreement, VTech will pay a $650,000 fee and, from a legal standpoint, has not been found guilty of or admitted to any violations of law or liability.
Back in 2015, the VTech data breach shined a spotlight on the importance of privacy protections for digital game makers. Since, developers and game companies like Unity, Disney, Syblo, and Kiloo have also run afoul of COPPA for mishandling the collection or safekeeping of personal data belonging to children.