Hong Kong based toymaker VTech has been criticised by security experts because of its handling of cyber attacks.
Controversy surrounds new terms and conditions issued by VTech, which attempt to limit liability for breaches of cyber security suffered by the company. VTech experienced a hack in 2015 in which the personal details of millions of people who had used VTech’s Learning Lodge app store were stolen. The store allows users to download games, music, books and other products to VTech toys. The toy maker’s terms and conditions now state that customers must assume ‘full responsibility’ for use of the site and downloaded software, and must acknowledge that information sent and received during use of the site ‘may be intercepted or later acquired by unauthorized parties’.
Attempting to limit their liability in this way has led many experts to question VTech’s approach to security, with criticism levelled at the attempt to shift risk from the firm to its customers. Some have suggested avoiding VTech products altogether, whilst the Information Commissioner’s Office have said that the move would not be possible in the UK, where organisations that handle personal data are responsible for keeping such data secure.
Failing to deal with cyber security issues represents a significant reputational risk for firms, with increasingly sophisticated consumers tuned in to ever-greater media scrutiny. Firms that treat cyber security as central to their businesses and place the protection of customer data at the centre of their products and services are more likely to be resilient to hacking and the inevitable fallout that cyber attacks generate.