The last couple of months have been rather choppy for children’s tech brand VTECH. Two months ago its online app store was hacked and personal data of more than 4.8 million adult customers and 6.3 m children was allegedly stolen causing a major customer outcry. The APP store has been down ever since, until this week, when it sprung back up. The company has apparently upgraded its security in the two months it has been down, but unfortunately in a major PR Fail it also updated its Terms and Conditions and buried a few things in there that have caused a bit of a stir and have started to really hurt its reputation.
In a section headlined Limitation of Liability, the terms include the following statement:
You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.
According to Vice’s Lorenzo Franceschi-Bicchierai, who first discovered the new clause, “It’s unclear when this language was added, but the document says it was updated on 24 December of last year.” That’s almost a month after the hack was confirmed, and a month before the site came back online.
Now being hacked in the first place is not great news for a forward thinking tech brand but what it has done since then is even worse. It kind of feels like they tried to hide something that they didn’t want its customers to find. Hiding anything like this is a massive fail, as it is not transparent at all and things like this always come out – just think of Google and its Corporation Tax debacle. Hiding something deep down in the T&Cs, feels bad and more like a very poor attempt at trying to absolve yourself of any responsibility of any more security breaches.
However, today the information commissioner has confirmed that UK law does not allow VTech to abrogate its responsibilities in this way, making the decision completely pointless, and so ultimately the whole thing has backfired in its face.
VTECH certainly seems to be struggling to handle this on-going crisis and only last month the BBC’s Rory Cellan-Jones was cut short by a press officer once he started asking a brand manager whether she felt the company could now be trusted following the breach. It is a fair question to a tech firm that has data but they cut him off and asked him to go the online statement. Sure as PR professional I feel for the comms team here but they should have been open and transparent and dealt with this breach more effectively – they could have learnt from people that have dealt with data breaches well such as Buffer, which has since been widely prasied with its handling of its crisis. A crisis although terrible can actually be a good thing if handled well but sadly on this occasion that is not the case.
Companies and high street brands can no longer put their heads in the sand and hide nasties for customers to find themselves – we all need to own up and take some form of responsibility. If they really did have to absolve themselves of legal responsibility they should have made it clear in a statement and let people know officially. Hiding things means you have to apologize and deal with your security issues and only then can you get back to business and start your usual marketing messages, otherwise I am sorry to say other journalists not even as nice as Rory are going to have a bloody field day. If they feel there is a story of a company hiding things they will keep asking. Here is the video in case you missed it.
