VTech’s Latest User Agreement Lets Company Skirt Liability For Future Hacks

Screen Shot 2016-02-09 at 2.25.51 PM

Last year, a data breach of VTech’s Learning Lodge app store exposed personal information for millions of parents and children. While the company claims to have improved its security to prevent future hacks, it also looks like VTech has given itself a way out of liability for anything bad that might happen.

In the wake of the breach, VTech took the  Learning Lodge, which allows customers to download apps, games, e-books and other content for VTech products, offline temporarily. Recently, the company let users know that the Lodge was back up and running. But, as Motherboard points out, VTech’s notice to parents doesn’t mention that it tweaked its Terms and Conditions agreement for the store.

VTech updated its Terms and Conditions agreement on Dec. 24, just weeks after the company announced it was the latest victim of a cyber attack and that it had hired a cyber forensic team to beef up security of its websites.

The new agreement for the Learning Lodge download contains a clause that appears to allow VTech to brush off responsibility for future breaches.

“You acknowledge and agree that you assume full responsibility for your use of the site and any software or firmware downloaded therefrom,” the agreement states. “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intersected or later acquired by unauthorized parties.”

VTech's full clause related to liability. [click to enlarge]

VTech’s full clause related to liability. [click to enlarge]

It’s unclear if the clause was added in the Dec. 24 update, but the language is highlighted in all caps, where other portions of the agreement are in regular type.

Consumerist reached out to VTech regarding the clause, and we’ll update the story when we hear back.

Security experts tell Motherboard that the clause, whether it’s new or older, appears to be VTech’s attempt to avoid liability, calling it “outrageous, unforgivable, ignorant, opportunistic, and indefensible.”

Still, some privacy specialists say the clause isn’t out of the ordinary.

“It comes off a bit awkwardly for them here, in light of being hacked, but it is a perfectly reasonable provision in a [Terms of Service] otherwise because nobody could promise they are perfectly secure,” James Denaro, a computer scientist and attorney, tells Motherboard.

Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks [Motherboard]