Rattled toymaker VTech's data breach case exiting legal pram
Motion to dismiss case of 6.4m leaked kids' accounts looks likely to succeed
VTech, the toy company pierced by attackers in late 2015, is hoping an Illinois court will toss out the resulting class action against it.
The company's woes began on 27 November 2015, when it belatedly owned up to a breach.
At the time, Troy Hunt believed the breach contained details of 4.8 million customers, and journalist Lorenzo Franceschi-Bicchierai said 227,000 children were in the breach. A few days later, VTech went public with a higher number: the total breach was nearly 11 million accounts including 6.37 million children.
Unsurprisingly, that attracted a class action under the name of The Honourable Manish S Shah, in the Northern District of Illinois, Eastern Division.
Last July, the judge dismissed the suit because the plaintiffs had failed to prove their fears of identity theft, so the case was reframed.
VTech hopes the court will repeat its dismissal on the new case. With “typical data breach injury claims” – that is, future identity theft – excised from the case, the plaintiffs wanted the court to assess damages on the basis that the breach reduced the value of their purchases.
The problem, VTech argues, is that the online services that were breached – Learning Lodge and Kid Connect – were launched after the products hit the shelves.
“Plaintiffs’ arguments still rest on the fundamentally flawed premise that VTech’s alleged promises regarding its 'Online Services' (Learning Lodge and Kid Connect) were somehow relevant to the hardware devices that Plaintiffs purchased before they registered for the Online Services”, the filing states.
Since the court had in July already ruled that registration for services is separate from the purchase of the toys, a ruling in VTech's favour looks likely. ®
Sponsored: Becoming a Pragmatic Security Leader