Congress wants VTech details on child data it collects (updated)

VTech Holdings

02/12/2015 19:03

(Adds that VTech could not be reached for comment) 
    By Jim Finkle 
    Dec 2 (Reuters) - U.S. lawmakers on Wednesday asked digital 
toymaker VTech Holdings Ltd  0303.HK  why it collects data on 
children, and how it secures that information, following a cyber 
attack that exposed records on 6.4 million youngsters in company 
databases. 
    In a letter, two leaders of a congressional group focused on 
privacy asked VTech for specific information on what data it 
collects on children aged 12 and younger, how it uses the 
information, and whether it shares or sells such data. 
    "This breach raises several questions about what information 
VTech collects on children, how that data is protected, and how 
VTech complies with the Children's Online Privacy Protection 
Act," Democratic Senator Edward Markey and Republican 
Representative Joe Barton said in the letter, referring to a 
1998 law aimed at enabling parents to control their children's 
information. 
    Representatives for Hong Kong-based VTech could not be 
reached for comment on the letter, which was released overnight 
in Asia. 
    They made the request after VTech disclosed on Tuesday that 
the breach compromised data on 6.4 million children and 4.9 
million adults. Security experts say it is the largest known 
cyber attack targeting children's data.  urn:newsml:reuters.com:*:nL1N13Q2BC 
    The incident raises questions about the company's adherence 
to the law and steps it had taken to protect children's personal 
information, according to Markey and Barton, co-founders of the 
Bi-Partisan Congressional Privacy Caucus. 
    The company has said that it was at fault. 
    "Regretfully, our database was not as secure as it should 
have been," VTech said in a detailed document on the breach 
published on its website. (http://bit.ly/1LM1RMQ) Nearly half of 
the compromised parent and child profiles were in the United 
States. 
    Security experts and one equity analyst said the company 
could face government inquiries and private lawsuits from 
customers worldwide. 
    "Ninety percent of VTech's revenue comes from developed 
markets where consumer protection policies are more stringent," 
said Warren Lau, an analyst for Maybank KimEng Securities. "It 
comes at an unfortunate time as well, a few weeks away from 
Christmas." 
    VTech shares have fallen 2.73 percent since it first 
revealed the hack on Nov. 27, while the Hang Seng index  .HSI  
was down 0.38 percent during the same period.     
    The U.S. lawmakers asked how the company plans to alert 
affected customers and prevent future breaches and requested 
that VTech respond by Jan. 8. 
 
 (Reporting by Jim Finkle; Additional reporting by Linda Stern 
and Clare Baldwin; Writing by Susan Heavey; Editing by Doina 
Chiacu, Richard Chang and Bill Rigby) 
 ((sheavey@thomsonreuters.com; Twitter @susanheavey; 
202-898-8300; Reuters Messaging: 
susan.heavey.thomsonreuters.com@reuters.net)) 
 
Keywords: VTECH CYBERSECURITY/CONGRESS