VTech has relaunched its online service Learning Lodge, but appears to have shirked responsibility regarding future data breaches.
Back in late November 2015, it was revealed that approximately 10 million of its customers had been affected by a major data breach.
Information that was accessed as a result of the incident included names, addresses, encrypted passwords, security questions and answers belonging to the company’s customers.
Since then, however, a new clause appears to have been added to VTech’s terms and conditions document, which appears to “absolve it of liability” for future breaches.
“You acknowledge and agree that any information you send or receive during your use of the site may not be secure.”
The Limitation of Liability section now reads: “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties”.
A spokesperson for VTech said that the company has worked hard to improve its security, but also drilled home the point that “no company that operates online can provide a 100% guarantee that it won’t be hacked”.
VTech’s Grace Pang told Motherboard that “such limitations are commonplace on the web”.
However, that view was not shared by all. Also speaking to the online tech news provider was Ot Van Daalen, a privacy lawyer in the Netherlands.
He said: “Under EU law you have an obligation to secure data and you cannot waive this by putting something likes this in the terms and conditions that you have with your consumers.”
The Toy Retailers Association has also commented on the case, stating that the specialist electronic toys and technology company “are and have been a reputable supplier of toys and were subject to an indiscriminate hacker”.
The UK’s Information Commissioner’s Office is currently investigating VTech for the November breach.
