Members of Congress are asking for more information from Hong Kong-based toymaker VTech about its collection of data on kids after a hacker swiped info from 5 million parent accounts and nearly 6.4 million child profiles in November.
In a letter sent to the company on Wednesday, Sen. Ed Markey (D-MA) and Rep. Joe Barton (R-TX) raised questions including how VTech collected data on children, how that data is stored and what the company does with the information, if anything.
"We write to convey our concerns about the recent cybersecurity attack on your company and the resulting theft of private information on millions of Americans, including children 12 years old and younger," the lawmakers said in the letter addressed to VTech Chief Executive Allan Wong Chi Yun. "This breach raises several questions about what information VTech collects on children, how that data is protected, and how VTech complies with the Children’s Online Privacy Protection Act."
The hack was first revealed by tech site Motherboard, which reported that it had been in contact with the hacker. The hacker said in an interview with Motherboard on Wednesday that he didn't intend to sell or publish the data, and went to the media because he thought VTech "would never listen."
Officials including the Office of the Privacy Commissioner for Personal Data in Hong Kong and the state attorneys general in Connecticut and Illinois have plans to probe the loss of data.
About 2.2 million parent accounts and 2.9 million child profiles affected were for customers in the United States, VTech said on Tuesday. The company's Learning Lodge app store customer database was breached and VTech Kid Connect servers accessed.
"As customer safety and privacy are of utmost importance to us, we are making all necessary adjustments to our system security, which will include only storing such information as is required for our customers to download and enjoy our services," the company said in a statement. "All other information will be deleted from our servers."