VTech: Data Hack Exposes 10 Million Children and Adults (2015)
Founded in Hong Kong, China, in 1976, VTech initially
began developing video games in the 1970s. The company originally sold their
video game products to international companies like RadioShack. The more
products the company created, the bigger their brand grew. In 1985, VTech
started developing the first digital cordless telephones. In 2000, they signed
a contract giving them exclusive rights to use the AT&T brand in
conjunction with the manufacturing and sale of wireless telephones and
accessories in North America. Today, VTech produces mainly cordless phones and
electronic learning devices, selling them across the world, in North America,
Europe, Asia, Latin America, the Middle East, and Africa.
In 2015, VTech “exposed the data of 6.4 million” (CNBC),
including children using the products, as well as the parents who purchased
them. The unnamed attacker contacted Vice Magazine about VTech’s security
vulnerabilities and gave a detailed account of the breach. After the attack was
confirmed to be authentic, it was determined that VTech’s servers failed to
utilize basic SSL encryption to secure the stored personal data. This allowed
the attackers to access unencrypted passwords, photographs, chat logs, and
voice recordings of the children and their parents. VTech’s corporate security
was unaware their servers had been hacked until they were contacted by Vice
Magazine themselves.
Once alerted, the company immediately shut off dozens of
online servers and websites. Then, they informed their customers about the 4.8
million accounts belonging to parents and 6.3 million accounts belonging to
children that had been compromised. The company then stated that the released
information was encrypted, although the original reports from the attacker
stated otherwise. VTech hired an information security service company, FireEye,
to manage any further incidents regarding stolen information. In 2016, a
publication was released explaining that VTech had modified its Terms and
Conditions for customers, stating that information transmitted to VTech may be
intercepted or later acquired by unauthorized parties.
VTech’s data breach affected millions around the globe. The stakeholders
in this case include the children that used the product, the parents that purchased
the product, RadioShack and other companies that distributed that product, and
VTech themselves as an organization. The children and parents are directly
affected as their private information was leaked. RadioShack and other
distributors are affected as their brand image will be moderately damaged as
they are affiliated with VTech and have distributed and supported their
products. Finally, VTech themselves are stakeholders, as their brand image was
severely impacted by the incident.
Friedman’s Individualism
states that “The only goal of business is to profit, so the only obligation
that the business person has is to maximize profit for the owner or the
stockholder” (Individualism PowerPoint Slide #2). According to Friedman, VTech
is not ethically wrong for having poor security for their customer servers.
Friedman would argue that VTech’s only care should be about making profits,
which they had done a great job of up until the fiasco. After the incident, the
company changed their Terms and Conditions in order to avoid any further
liability, in turn saving money for the company.
Utilitarianism is the foundational idea that
“happiness or pleasure are the only things of intrinsic value… [and] we ought
to bring about happiness and pleasure in all beings capable of feeling it”
(Utilitarianism PowerPoint Slide 1). According to Utilitarianism, VTech would
be ethically wrong for having poor security for their servers. VTech caused
various problems for millions of customers, which negatively impacted their
happiness and pleasure, which goes strictly against the values of Utilitarianism.
The basic principles of Kantianism include: “acting rationally,
respecting people, their autonomy and individual needs and differences”
(Kantianism PowerPoint Slide 1), and being motivated to do what is right, simply
because it is the right thing to do. According to Kantianism, VTech would be
acting unethically, as even though they may have acted rationally, they did not
do what is right. The company issued an FAQ, expressing their empathy and
explaining what information was released, although they failed to improve their
security systems. The company’s simple change of the Terms and Conditions has
allowed them to continue to have weak security without any liability, which is
the wrong thing to do. If the company wanted to comply with Kant’s ethical theory,
then they must spend time and resources to improve their servers’ security in
order to keep their customers’ information safe.
Virtue Theory
is the idea that an organization can be more profitable if they focus on
ethically-driven business strategies rather than profit-driven. According to
Virtue Theory, VTech is ethically wrong as they had implemented a profit-driven
business strategy that resulted in a lack of resources being devoted to the
protection of the customers’ security.
VTech’s lack of security along with their poor post-breach actions were far from
justified. The company failed to secure the private information of customers,
which is unethical. Also, the company failed to improve their security systems
after the incident, as they just modified the Terms and Conditions of their
products, explaining that customers’ information may be intercepted by
unauthorized parties.
I believe that VTech should take an ethically correct action plan that includes properly
informing the customer of all the facts about the breach, including things they
left out in the original reports. Also, the company should hire an information
technology company to implement a new security system that can properly secure
the customers’ private information. Next, the company should hire a group to
monitor their servers on a more regular basis, in order to ensure that the
security systems are working properly. Finally, the company should apologize
for this incident and assure their customers that it will never happen again.
This action plan may be expensive, but it is ethically right, and will help the
company improve moving forward.
References
CNBC. "VTech Hack: Data of 6.4M Children Exposed." CNBC. CNBC, 02 Dec. 2015. Web. 03 Apr. 2017.
Salazar, Heather. The Business Ethics Case Manual: The Authoritative Step-by-Step Guide to Understanding and Improving the Ethics of Any Business. Print.
"FAQ about Cyber Attack on VTech Learning Lodge (last Updated: 11:30, December 16, 2016, HKT)." VTech. N.p., n.d. Web. 03 Apr. 2017.
Kelion, Leo. "Parents Urged to Boycott VTech Toys after Hack." BBC News. BBC, 10 Feb. 2016. Web. 03 Apr. 2017.
"VTech Hacker Explains Why He Hacked the Toy Company." Motherboard. N.p., n.d. Web. 03 Apr. 2017.
Reuters. "VTech Hack Leaves Millions Of Parents -- And Their Kids -- Exposed." The Huffington Post. TheHuffingtonPost.com, 30 Nov. 2015. Web. 03 Apr. 2017.