Employees | 5 min read

Protecting Your Family's Privacy from – Toys?


Want to get updates on InfoArmor News?

You make them wear a helmet when they ride their bike, smother them in sunscreen before heading to the beach, and triple check their car seat before putting on your seatbelt. Parents do everything they can think of to protect their children, but they often overlook one critical area — safeguarding their children’s privacy and identity.

Hackers and identity thieves have more tools than ever to invade your home and compromise your children’s privacy. And, the sad part is, your child’s most beloved toy may be helping them.

Toys allow hackers into your home

Smart toys were a huge hit this past holiday season, and no one was more delighted than hackers and identity thieves. That’s because these devices, which connect to the internet and/or utilize Bluetooth, are very easy to exploit.

Put simply, many of the toy manufacturers didn’t even take basic steps to ensure communications were secure and that children’s personal information would be protected. This is especially true when it comes to Bluetooth configuration. Take, for example, Hasbro’s Furby Connect doll. If a hacker is within 100 feet of your child’s toy, they can hijack the microphone and speak to your children.

Even more frightening is the Q50, a smartwatch designed specifically for parents to keep tabs on, and communicate with, their children. Bugs in the product allow hackers to track children, spoof their locations, listen to their surroundings, and intercept all communication to and from the watch.

Toys can collect personal data without your consent

What may be even more surprising is that many smart toys could be collecting data on your children illegally. COPPA, the Children’s Online Privacy Protection Act of 1998, prevents any online service from knowingly collecting personal data on any person under the age of 13 without their parent’s consent. This protection extends to internet-connected toys and devices, as well as websites. But, not every manufacturer is playing by the rules.

VTech, a popular children’s toy company, announced a major data breach in November 2015. Millions of children had their names, contact information, recordings of their voice, and even their photos exposed. Making matters worse, the FCC’s investigation into the breach found that Vtech neither got parents’ permission before collecting this data nor explained how any collected data would be used. Both are major violations of COPPA.

As a result, on January 8th, 2018, VTech agreed to settle with the FCC for $650,000. In addition to the fine, they also agreed to a permanent injunction for their COPPA violations and were forced to create a comprehensive data security program that is subject to a biennial independent audit for the next 20 years.

Protecting your family’s privacy from identity thieves

In today’s digital world, it’s imperative you take every possible action to protect your child’s identity and privacy. Here are a few steps to get you started.

Research smart toys exhaustively before purchasing

Before you purchase any smart toy, research it thoroughly. As the BBB points out, not all of the information you need to know is on the box. You’ll need to visit the toy’s website and review their privacy policy and examine their parental rights. Additionally, check out customer reviews for any known security flaws.

When researching the product, see if other countries have commented on the toy or device. Many countries have much stricter laws than the U.S. when it comes to protecting your child’s privacy. Germany, for example, banned the sale of a popular children’s toy, Cayla, unless retailers removed its ability to connect to the internet. Taking matters a step further, they also labeled the device an “illegal espionage apparatus” and encouraged parents to destroy the doll.

Only connect toys to a secure network

If you have internet-connected toys or devices, never connect them to public WiFi. You should only use them over a secure, password-protected network. If possible, use a VPN.

Invest in an identity protection service for your entire family

To fully protect your family’s privacy, sign up for a comprehensive identity protection service. This will be your best line of defense should cybercriminals or identity thieves compromise a family member’s identity.

Begin by speaking with your HR department. Companies are increasingly providing employees with identity protection as a standard or voluntary benefit, and your organization may already offer this service. If they do, sign up your entire family as soon as possible.

If your company doesn’t offer this protection as a benefit, consider passing along our complimentary ebook, Why Companies Should Care When Employees Have Their Identities Stolen. It’s loaded with helpful information and statistics that clearly illustrate the need for employer’s to protect their employees and their families.

For more information on ways you can protect your children’s privacy, or if you have reason to believe your child’s identity may have been compromised, check out our blog, How to Protect Your Child’s Identity.

New Call-to-action
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.