Following a data breach last year which exposed the personal information of over 6.3 million children, toy manufacturer VTech is finally responding - by modifying its terms and conditions to absolve itself of all responsibility.
The VTech brand took a well-earned hammering when security flaws in its platform allowed attackers to access databases filled with personal information on 6.3 million children - including chat logs and even photographs. In response to threats of legal action against the company, VTech management has responded: its new terms and conditions demand that parents, rather than the company, bear the responsibility for any future breaches.
It's an anti-customer move which has security specialists up in arms. 'This is a bad stance for a company to take. It’s trying to take a completely zero accountability approach to a product they are selling. On top of that, it could potentially set a terrible precedent for other technology companies,
' moaned Javvad Malik, security advocate at AlienVault, of the company's new terms and conditions. 'In today’s digital age, personal data is in some ways worth as much as currency. Imagine if the banks turned around and stated in their terms and conditions that by placing money with them, you lose any expectation that the money will be kept safe because bank robbers may loot the vault. I really hope VTech takes a look at their statement and the data they hold and reconsiders their position on the matter.
'This change to their terms and conditions is out of step with where both leading private enterprises and regulatory bodies are moving,
' added Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint. 'Despite likely being unenforceable in practice, it is a very worrying signal to be sending to customers, who should be counting on stronger measures to protect their personal data in the wake of the European Union’s newly stronger stance on data protection and personal privacy.
Full details of the company's security failings, and a reaction to the new terms and conditions from the researcher who first publicised them, are available from Troy Hunt's blog