Lieff Cabraser Civil Justice Blog
Internet-Connected Toys for Kids Risk Exposure to Hackers

Internet-Connected Toys for Kids Risk Exposure to Hackers

Security issues and flaws relating to Internet-connected children’s toys are on the rise. Last year, more than 6 million children’s names, ages, and genders were disclosed when the leading manufacturer and distributor of digital learning toys, VTech, suffered a simple but devastating hack to its databases. A similar attack on allegedly insecure data stores affected Hello Kitty’s San Rio Town in late 2015 as well.

Kids are now vulnerable victims to toy security hacks and online threats. And many feel the toy industry has neglected its duties to safeguard the personal information of kids who are the consumers of the toys they manufacture. A child’s name, age, location, birthdate, spoken language, and gender can be exposed when the internet-connected toy’s software and applications aren’t secure. And this data becomes even more valuable as the children grow up — a hacker can hold on to all this identifying information and use it upon a child’s majority to cause significant harm and identity-based theft.

According to Bridget Karlin, managing director of Intel Corp.’s Internet of Things group, “As the number of connected toys continues to grow, so will the number of hackings.”

With all of this consumer data, hackers would have the ability to create phishing schemes that lead to financial fraud or identity theft. This sensitive information could also be used for financial identity crimes, or even child abduction. A hacker could also be able to “effectively take control of the device to do things such as change the account information, or monitor whether a child is playing with it or if an adult is using the related mobile app,” as noted in a report by Voice of America.

A toy may be marked and marketed as “safe for children ages 3+,” but this designation may bear little weight with regard to attendant data safety.

Lieff Cabraser’s Work in Digital Privacy & Data Security

Lieff Cabraser is committed to ensuring that the fundamental right to privacy is respected and endures even as technology evolves and society changes. Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting tens of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights and the failure to protect critically-sensitive data.

About the Hello Kitty Data Breach Investigation

Hackers have obtained information on more than 3 million people who use Hello Kitty websites, including SanrioTown.com, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. The hackers obtained names, birth dates, genders, and email addresses. Even worse, the disclosure includes lightly-protected passwords, as well as the forgotten password questions and answers. Lieff Cabraser represents parents in nationwide class action lawsuits against device, app, and software creators for the compromised and stolen personal data, including children’s private personal data, in the wake of serious failures to properly secure the data. Learn more about the Hello Kitty Data Breach Investigation.

About the VTech Child Data Breach

Lieff Cabraser represents parents in a nationwide class action lawsuit against VTech arising after their children’s private personal information was obtained by hackers in the wake of VTech’s alleged failure to take reasonable precautions to secure the children’s data. The stolen information includes the children’s names, birthdates, images, email addresses, and home addresses. VTech acknowledges that data relating to more than 2.8 million children was stolen in the attack. Learn more about the VTech Child Data Breach.