Local 215.825.5183Toll Free 877.825.8542

VTech Electronics Data Breach Attorney

Business man pointing to transparent board with text: Data BreacVTech Electronics, which is based in Arlington Heights, Illinois, manufactures electronic learning products from infancy to preschool and is also the world’s largest manufacturer of cordless phones. VTech was founded in 1976 with a mission to design, manufacture, and supply innovative and high quality products.

On November 27, 2015, VTech acknowledged that the Learning Lodge and Kid Connect databases were hacked in November 2015, resulting in the exposure of the personal information of approximately 11 million user accounts.  After confirming the security breach, VTech suspended the Kid Connect and Learning Lodge services along with other websites thereby preventing consumers from accessing the products that they purchased.

VTech issued a press release [1] regarding this security breach on December 3, 2015, providing, in part, as follows:

“Fire Eye’s Mandiant Incident Response services, one of the world’s leading cyber forensic teams, is assisting the Group in its response to the recent cyber attack to strengthen the security of its systems.

Upon discovering the attack, the Group immediately conducted a comprehensive check of the affected sites and suspended Learning Lodge, the Kid Connect network and a number of websites as a precautionary measure.

“We are deeply shocked by this orchestrated and sophisticated attack on our network. We regret that users of Learning Lodge, Kid Connect and PlanetVTech, some of whom are colleagues, friends and families, are also affected. We would like to offer our sincere apologies for any worry caused by this incident. We are taking all necessary steps to ensure that our users can continue to enjoy our products and services, safe in the knowledge that their data is secure,” said Allan Wong, Chairman and Group CEO of VTech Holdings Limited.”

An additional press release was released on December 29, 2015 [2], and provides:

“While the forensic investigation is still underway, the information we currently have indicates that on or about November 14 HKT an unauthorized party accessed VTech customer data on our Learning Lodge app store customer database and Kid Connect servers. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products. Kid Connect is an app that allows children and parents to exchange voice and text messages, photos, drawings and fun stickers between VTech tablets, DigiGo and parents’ smartphones.

(2) What website was affected?

VTech’s Learning Lodge app store customer database was affected and VTech Kid Connect servers accessed. As a precautionary measure, we have suspended Learning Lodge, the Kid Connect network and the following websites temporarily whilst we conduct a thorough security assessment.

  • planetvtech.com
  • – lumibeauxreves.com
  • – planetvtech.fr
  • – vsmilelink.com
  • – planetvtech.de
  • – planetvtech.co.uk
  • – planetvtech.es
  • – proyectorvtech.es
  • – sleepybearlullabytime.com
  • – vsmilelink.com
  • – vsmilelink.com
  • – vsmilelink.com
  • – vsmilelink.com”

The December 29, 2015, press release also provides that 2,212,863 parent accounts were affected by the security breach in the United States alone, as well as 2,894,091, child profiles from the United States.  Worldwide, more than 11 million children and adults were affected by the VTech security breach.

As a result of this extensive security breach, a class action lawsuit was filed on December 3, 2015, against VTech Electronics North America, LLC (“VTech”) on behalf of consumers who purchased VTech devices and used VTech’s “Kid Connect” or “Learning Lodge” services. The class action lawsuits were filed in the U.S. District Court for the Northern District of Illinois pursuant to Ken Tittle v. VTech Electronics [3] North America LLC, No. 1:15-cv-10889, N.D. Ill.

The Class Action Complaint alleges that VTech’s grossly inadequate information and network security oversight led to the disclosure of consumers’ sensitive personal information, including information about their children, to unauthorized third parties. The Complaint seeks relief on behalf of consumers not only for the disclosure of their personal information, but also for the harm caused by VTech’s deceptive consumer practices that caused consumers to purchase the affected Products without knowing of the inadequate security of the data solicited by Vtech from consumers.   The lawsuit alleges that VTech violated the Illinois Personal Information Protection Act and the Illinois Consumer Fraud and Deceptive Business Practices Act (ICFA) on behalf of himself and the nationwide class, as well as the violation of various state data breach statutes on behalf of the statewide classes.  The complaint seeks declaratory judgment and alleges breach of implied contract and negligence.

The Personal Information Protection Act (PIPA) (815 ILCS 530/1 et seq.) [4] requires agencies and businesses to disclose any breach of a computer system that contains the unencrypted personal information.  The Illinois Consumer Fraud and Deceptive Business [5] Practices Act (815 ILCS 505/1 et seq), enacted to protect consumers against fraud and unfair or deceptive acts in the conduct of trade or commerce.

A second class action case was also filed against VTech pursuant to Heber Bran v. VTech Electronics North America LLC, No. 1:15-cv-10891, N.D. Ill.  In the second complaint, Massachusetts resident Heber Bran names VTech’s Hong Kong parent company VTech Holdings Limited as a defendant, alleging that VTech violated the terms of the ICFA, as well as breach of contract and unjust enrichment.  The lawsuit seeks to include a nationwide class of VTech customers “whose Sensitive Information was compromised during the data breach.” The Complaint also alleges that VTech Learning Lodge customers overpaid for services because class members were not “presented with an informed choice as to whether or not to buy the tablets” based upon VTech’s deceptive omission of material facts regarding its protection of sensitive information.

It is likely that both of the pending class action lawsuits filed against VTech will focus on whether or not VTech’s data security procedures and protocols were reasonable.  It is interesting to note, however, that these two lawsuits differ slightly from the more typical security breach cases based upon the fact that millions of child related accounts have been affected worldwide.  Further, the investigation into this matter has only recently been initiated and perhaps a completed investigation will confirm that additional accounts were affected.


A data security breach [6] is defined by the White House as follows:

“(1) IN GENERAL.—The term “security breach” means a compromise of the security, confidentiality, or integrity of, or the loss of, computerized data that results in, or there is a reasonable basis to conclude has resulted in –

“ (A) the unauthorized acquisition of sensitive personally identifiable information; or

“ (B) access to sensitive personally identifiable information that is for an unauthorized purpose, or in excess of authorization.

“ (2) EXCLUSION.—The term “security breach” does not include any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.”

Beginning with California in the year 2002, 43 states and the District of Columbia adopted legislation requiring that institutions suffering breaches of personal information must notify the individuals whose data were involved. In addition, in 2005 U.S. federal regulators issued final interagency guidance for federally regulated financial institutions and their duty to disclose breaches which also require that persons affected by security breaches by notified.  These types of notices are necessary in order to prevent or minimize identity fraud which involves one person impersonating another for the purpose of obtaining a benefit such as opening a credit account or taking out a loan, writing a check, filing a claim, or otherwise attempting to benefit financially by claiming to be someone else.

Investigating a Data Breach Class Action

If you purchased a VTech product or received a breach notice from their office, it is important to speak to a VTech Class Action Lawsuit Attorney regarding your potential claim.  Many steps are necessary to investigate a data breach class action and your attorney will be able to discuss any of the following that apply to your case:

  • Determine if the company negligently failed to adopt safeguards that would have prevented the data breach from occurring, including encrypting personal information.
  • Investigate if the company notified customers as soon as possible after it confirmed the existence of a data breach.
  • Work with state and federal authorities, including the Federal Trade Commission, in order to obtain a list of all of the individuals affected by the data breach.

Investigating Damages in a Data Breach Class Action

It will also be necessary to investigate damages that you suffered as a result of the data breach including, but not limited to, the following:

  • Unreimbursed cost of replacing credit and debit cards, obtaining credit reports and credit insurance.
  • Fees assessed by companies to help secure personal information and/or monitor accounts to confirm that fraudulent activity is not occurring.
  • Any expenses incurred in order to correct erroneous information.
  • Out-of-pocket expenses incurred as a result of the data breach.

According to the terms of the Experian Data Breach Industry Forecast [7] for 2015, the risk of experiencing a data breach for businesses is higher than ever with almost half of organizations suffering at least one security incident in the last 12 months. To address this, 48 percent of organizations increased investments in security technologies in the same timeframe, and 73 percent acknowledged the likelihood of a breach by developing a data breach response plan. Cyber insurance policies are also becoming more important to a company’s preparedness plan, with the adoption rate more than doubling over the last year from 10 percent in 2013 to 26 percent in 2014.  The Experian report also provides, in part, as follows:

“With the average data breach costing organizations $3.5 million, the financial impact of data breaches actually increased this year. According to annual research from the Ponemon Institute, the average cost paid for each lost or stolen record containing sensitive and confidential information globally increased more than 9 percent from $136 in 2013 to $145 in 2014. The cost per record increased to $195 for companies in the U.S”.

Without effective cyber security, incidences like that at VTech Electronics will happen to many other businesses, resulting in significant financial losses to consumers nationwide.  If you or someone you love purchased an affected device, which may include all InnoTab tablets, such as the InnoTab 3, InnoTab 3S Plus, InnoTab 3S, InnoTab3S Plus and the InnoTab Max, and the Tote & Go Laptop, MobiGo, V.Reader, and ABC Learning Classroom toys, or were a user of the “Kid Connect,” “Learning Lodge,” or “PlanetVTech” services, you may be eligible to participate in a class action lawsuit against VTech.  To determine your rights, it is important to speak to an experienced VTech Electronics Data Breach class action attorney.  At the Levin Firm, we understand how difficult it is to have your personal information subjected to a security breach and potentially available to be viewed online by the general public.  We know how to evaluate your situation based upon the facts of your case and to investigate what type of claim can be made on your behalf. Please call 215-825-5183 to schedule a free consultation today or call our toll free number at 877-825-8542.


[1] https://www.vtechkids.com/assets/data/press/{5A28E16C-FECE-4B66-98C1-EBB5BC958178}/releases/Press%20release_Eng_20151203.pdf

[2] https://www.vtechkids.com/assets/data/press/{A521065E-DE25-454D-A956-8C32DFA872B2}/releases/FAQ_Eng(20151229_1630).pdf

[3] http://www.lexislegalnews.com/articles/4438/2-class-actions-filed-in-illinois-federal-court-over-vtech-data-breach

[4] http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702

[5] http://www.ilga.gov/LEGISLATION/ILCS/ilcs3.asp?ActID=2356&ChapAct=815%C2%A0ILCS%C2%A0505/&ChapterID=67&ChapterName=BUSINESS+TRANSACTIONS&ActName=Consumer+Fraud+and+Deceptive+Business+Practices+Act

[6] https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/data-breach-notification.pdf

[7] https://www.experian.com/assets/data-breach/white-papers/2015-industry-forecast-experian.pdf







[7]  http://www.ricesettlement.com/docs/2015-04-15_Order_Granting_Final_Approval.pdf[8] http://www.tripwire.com/state-of-security/latest-security-news/cyber-insurance-market-expanding-due-to-high-profile-attacks/


Latest News

September 22, 2017

Rear-End Accident Liability

Rear-end accidents are one of the most common and dangerous types of accident in which you can be involved. In many cases, the driver in the front vehicle has no idea a collision is about …

September 15, 2017

Do I Have to Call the Police if I’ve Been Injured in an Accident?

Involvement in an accident that results in an injury to oneself is not something most people expect. Car wrecks are often violent and traumatic and tend to leave those involved shaken, confused, and uncertain about …

September 8, 2017

What are the Potential Complications of Bite Injuries?

According to the American Society for the Prevention of Cruelty to Animals, there are an estimated 70 to 80 million dogs owned in the United States. While dog ownership provides many benefits to humans and our …

view more

Free Case Consultation

Fill out the form below to schedule a free initial consultation

    In an effort to prevent spam please click “I agree” below to confirm you are a human being. (Required.)