The FBI Worries About Your Kid’s Toys. Are the Risks Overblown?

Published on

Strange, but true. U.S. parents can now take some advice from the Federal Bureau of Investigation (FBI) along with them when they shop for new kids’ toys. The agency, which handles many cyber security issues nationwide, just issued a warning about interconnected toys that parents should read and heed.

The Risks of Smart Toys

“Toys with microphones could record and collect conversations within earshot of the device. Information such as the child’s name, school, likes and dislikes, and activities may be disclosed through normal conversation with the toy or in the surrounding environment,” the agency warned.

Once the toy connects with the Internet or smart devices, concerns about privacy and physical safety quickly follow. FBI officials are concerned about data such as IP addresses providing location information. There’s also a real risk of child identity fraud which is one of the toughest types of ID theft to thwart.

The Steps to Protect Your Kids

Take these steps when considering a new smart toy:

  • Read the company’s privacy policy. No, really read it, don’t just check accept. That will tell you what’s stored, retained, or shared with third parties.
  • Study up on Children’s Online Privacy Protection Act (COPPA). It drastically limits data that can be collected on kids under age 13 but compliance is not perfect. COPPA has recently been
  • Ask how these toys can be updated if a security flaw is discovered.
  • Teach your child to turn off the device when not in use so that recordings cease.
  • Limit the data you volunteer when connecting the toy to any WiFi network. Carefully decide whether or not to opt in to or out of the toy’s features.

The Vtech Lesson

In 2015, the Vtech interactive toy company experienced a major hack of six million user accounts. That breach involved names, email addresses, secret data for password retrieval, IP addresses, street addresses, download history, and encrypted passwords for parents. Data on kids included name, gender, and birthdate.

Once you read the current policy, be alert for changes. After Vtech’s breach, the company attempted to change its privacy policy to avoid any future responsibility for lost data! That document was modified to read, “You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”

Outrage about the changes was nearly universal. One blogger called it the worst possible way to respond to a data breach. Recent checks of Vtech and its Learning Lodge policies show this offensive language has vanished.

To keep your kids safe, it’s imperative to read privacy and data security policies for interactive toys and devices.

Comments are closed.

%d bloggers like this: