Threat Intelligence

1/8/2018
03:45 PM
50%
50%

VTech to Pay $650,000 in FTC Settlement

VTech's Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.

VTech Electronics agreed to a $650,000 settlement payment and sanctions by the Federal Trade Commission (FTC) to resolve charges it violated the Children's Online Privacy Protection Act (COPPA), the FTC announced today.

Under COPPA, companies are required to directly notify parents or obtain verifiable parental consent when collecting personal information on their children and also take reasonable measures to safeguard the information. The FTC alleges VTech's Kid Connect app, which had 638,000 children accounts, and its now-defunct Planet VTech gaming and chat platform, which had 130,000 children accounts, violated COPPA requirements.

The FTC also alleges VTech made false claims in its privacy policy by stating it would encrypt information submitted to Planet VTech and also Learning Lodge, which houses the Kid Connect app. However, VTech did not encrypt any of the information, the FTC said.

The FTC settlement agreement also requires VTech to implement a comprehensive data security program, which will undergo independent audits for the next 20 years. VTech is also permanently prohibited from violating COPPA in the future and misrepresenting its security and privacy practices, as part of the settlement agreement.

Read more about VTech's settlement here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Steven Paul Romero, SANS Instructor and Sr. SCADA Network Engineer, Chevron,  11/6/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19220
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.
CVE-2018-19221
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.
CVE-2018-19222
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVE-2018-19223
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
CVE-2018-19224
PUBLISHED: 2018-11-12
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.