WSJ Crisis of the Week: VTech Breach Exposes Children’s Info

Schwartz Media’s CEO Tadd Schwartz comments on child tech toy maker VTech’s security breach and ensuing crisis management campaign.  



The crisis experts this week tackle the case of VTech Holdings Ltd. and how it is handling news that the personal information of about 6.4 million children was exposed in a recent data breach. That is in addition to records for 4.9 million adult customers VTech had previously said were affected by the breach.

The company said it hired a cyber forensic company to improve its security, and said it is cooperating with law enforcement officials worldwide. It posted two statements on its website, one detailing its efforts to reach out to every account holder in its database and a second statement apologizing for the breach.

Has the company gone far enough to quell concerns of its users—if not, what else should it have done? What should it do next?

Tadd Schwartz, president and CEO, Schwartz Media Strategies: “Technology companies are rightfully held to a higher standard when it comes to cybersecurity and data protection. Consumers are entitled to even loftier expectations when the privacy of children is involved. If a business is going to collect information about minors, let alone a company driven by technology, then security must be priority number one.

“Once the VTech data breach was discovered, the company did an admirable job in communicating details of the lapse to customers. By emailing each account holder, issuing media statements and setting up a frequently asked questions page online, VTech was upfront about the cyberattack and quickly set up a central source for new information. The decisions to immediately suspend the affected websites and engage a third-party forensics team sent a message that VTech was serious about correcting the problem.

“The reality is that companies which set out to heighten their security measures are often targeted by hackers looking to prove their capabilities. Moving forward, VTech would be wise to add an extra layer of security to the protection of any data storage, and children’s information in particular. They can begin by keeping the data on a third-party platform, much the same way they store customers’ credit card information.

“From there, VTech should emphasize trust and security as major themes within its marketing and branding. Updated package design highlighting new security controls, parent-centered advertising on children’s television networks and websites, and voluntary participation in the kidSAFE seal program, which certifies child-friendly websites and social platforms, should all be part of the plan.”

Continue reading.