(Reuters) - U.S. lawmakers on Wednesday asked digital toymaker VTech Holdings Ltd why it collects data on children, and how it secures that information, following a cyber attack that exposed records on 6.4 million youngsters in company databases.
In a letter, two leaders of a congressional group focused on privacy asked VTech for specific information on what data it collects on children aged 12 and younger, how it uses the information, and whether it shares or sells such data.
“This breach raises several questions about what information VTech collects on children, how that data is protected, and how VTech complies with the Children’s Online Privacy Protection Act,” Democratic Senator Edward Markey and Republican Representative Joe Barton said in the letter, referring to a 1998 law aimed at enabling parents to control their children’s information.
Representatives for Hong Kong-based VTech could not be reached for comment on the letter, which was released overnight in Asia.
They made the request after VTech disclosed on Tuesday that the breach compromised data on 6.4 million children and 4.9 million adults. Security experts say it is the largest known cyber attack targeting children’s data.
The incident raises questions about the company’s adherence to the law and steps it had taken to protect children’s personal information, according to Markey and Barton, co-founders of the Bi-Partisan Congressional Privacy Caucus.
The company has said that it was at fault.
"Regretfully, our database was not as secure as it should have been," VTech said in a detailed document on the breach published on its website. (bit.ly/1LM1RMQ) Nearly half of the compromised parent and child profiles were in the United States.
Security experts and one equity analyst said the company could face government inquiries and private lawsuits from customers worldwide.
“Ninety percent of VTech’s revenue comes from developed markets where consumer protection policies are more stringent,” said Warren Lau, an analyst for Maybank KimEng Securities. “It comes at an unfortunate time as well, a few weeks away from Christmas.”
VTech shares have fallen 2.73 percent since it first revealed the hack on Nov. 27, while the Hang Seng index was down 0.38 percent during the same period.
The U.S. lawmakers asked how the company plans to alert affected customers and prevent future breaches and requested that VTech respond by Jan. 8.
Additional reporting by Linda Stern and Clare Baldwin
Our Standards: The Thomson Reuters Trust Principles.