DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

No Harm, No Lawsuit: Court Dismisses VTech Litigation

Posted on July 29, 2017 by Dissent

In November, 2015, this site noted a breach involving VTech. At the time, Motherboard reported:

The hacked data includes names, email addresses, passwords, and home addresses of 4,833,678 parents who have bought products sold by VTech, which has almost $2 billion in revenue. The dump also includes the first names, genders and birthdays of more than 200,000 kids.

What’s worse, it’s possible to link the children to their parents, exposing the kids’ full identities and where they live, according to an expert who reviewed the breach for Motherboard.

On November 30, VTech confirmed the breach but reassured consumers that the data involved would not be sufficient to engage in fraud or identity theft. The following day, the unknown hacker contacted Motherboard to tell them that VTech had also left children’s photos and chat logs between parents and children unsecured.

Two weeks later, the hacker was arrested.

In response to the breach, VTech subsequently changed their EULA to include a statement, ““You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”

And also in response to the breach, some customers sued.

Richard P. Lawson of Manatt Phelps and Phillips LLP has an update on the litigation, writing, in part:

In addition to legislative inquiries, the data breach triggered consolidated litigation in Illinois federal court alleging that the company failed to employ reasonable data security to protect its customers, resulting in an increased risk of identity theft to adults as well as harm to children if predators accessed their information.

VTech moved to dismiss the action for failure to state a claim. U.S. District Court Judge Manish S. Shah granted the motion, finding that the plaintiffs were unable to establish that they suffered actual harm as a result of the breach and that their alleged injuries were too “speculative” for the lawsuit to move forward.

“Plaintiffs fail to make the connection between the data breach they allege and the identity theft they fear,” the court said. “Specifically, plaintiffs do not explain how the stolen data would be used to perpetrate identity theft.”

Read more on Lexology.

Related posts:

  • Data Breach on VTech Learning Lodge (update)
  • VTECH Hack Exposes Data on More Than 200,000 Kids and Almost 5M parents (update2)
  • VTech hack included children’s pictures and chat logs (Update 1)
  • VTech asks court to dismiss class action lawsuit over data breach
Category: Breach IncidentsBusiness SectorHackNon-U.S.

Post navigation

← WestJet says some rewards members’ profile data leaked online
TX: Scope of Cameron Co. Personal Information Breach Unknown →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.