Hacked internet-connected toy maker VTech has finally relaunched its online app store more than two months after attackers broke into its site and stole the personal details of almost 5 million customers.
The new store comes with much-needed upgrades to the site’s security, with which the company is attempting to quell the concerns of customers. But it also comes with another surprise for parents, buried the site’s terms of service.
In a section headlined Limitation of Liability, the terms state:
You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.
In other words, if VTech does get hacked again, its customers have no grounds for complaint: they’ve already agreed that it’s not secure.
According to Vice’s Lorenzo Franceschi-Bicchierai, who first discovered the new clause, “It’s unclear when this language was added, but the document says it was updated on 24 December of last year.” That’s almost a month after the hack was confirmed, and a month before the site came back online.
It’s unclear whether the terms and conditions have any legal force, wherever in the world VTech’s customers are based. In Europe, for example, customers are protected against unfair terms of service. That doesn’t stop companies trying to enforce their terms, but it does mean that if any lawsuit makes it to court, the fact that an agreement technically indemnifies VTech would be unlikely to hold water.
The Information Commissioner’s Office is currently investigating VTech for the November breach.