Rattled toymaker VTech's data breach case exiting legal pram

Motion to dismiss case of 6.4m leaked kids' accounts looks likely to succeed


VTech, the toy company pierced by attackers in late 2015, is hoping an Illinois court will toss out the resulting class action against it.

The company's woes began on 27 November 2015, when it belatedly owned up to a breach.

At the time, Troy Hunt believed the breach contained details of 4.8 million customers, and journalist Lorenzo Franceschi-Bicchierai said 227,000 children were in the breach. A few days later, VTech went public with a higher number: the total breach was nearly 11 million accounts including 6.37 million children.

Unsurprisingly, that attracted a class action under the name of The Honourable Manish S Shah, in the Northern District of Illinois, Eastern Division.

Last July, the judge dismissed the suit because the plaintiffs had failed to prove their fears of identity theft, so the case was reframed.

VTech hopes the court will repeat its dismissal on the new case. With “typical data breach injury claims” – that is, future identity theft – excised from the case, the plaintiffs wanted the court to assess damages on the basis that the breach reduced the value of their purchases.

The problem, VTech argues, is that the online services that were breached – Learning Lodge and Kid Connect – were launched after the products hit the shelves.

“Plaintiffs’ arguments still rest on the fundamentally flawed premise that VTech’s alleged promises regarding its 'Online Services' (Learning Lodge and Kid Connect) were somehow relevant to the hardware devices that Plaintiffs purchased before they registered for the Online Services”, the filing states.

Since the court had in July already ruled that registration for services is separate from the purchase of the toys, a ruling in VTech's favour looks likely. ®

Broader topics

Narrower topics


Other stories you might like

  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading
  • US senators seek ban on sale of health location data
    With Supreme Court set to overturn Roe v Wade, privacy is key

    A group of senators wants to make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    A bill filed this week by five senators, led by Senator Elizabeth Warren (D-MA), comes in anticipation the Supreme Court's upcoming ruling that could overturn the 49-year-old Roe v. Wade ruling legalizing access to abortion for women in the US.

    The worry is that if the Supreme Court strikes down Roe v. Wade – as is anticipated following the leak in May of a majority draft ruling authored by Justice Samuel Alito – such sensitive data can be used against women.

    Continue reading
  • Tim Hortons collected location data constantly, without consent, report finds
    Hortons hears a sue

    From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

    In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

    That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

    Continue reading

Biting the hand that feeds IT © 1998–2022