Parents are still looking for answers weeks after hackers stole the personal data of thousands of users from kids’ tech coding camp iD Tech, with some fearing that their children’s data was compromised in the data breach. Many parents are reconsidering enrolling their children in tech coding camps, as they are worried about the safety and privacy of their children’s information.
Charles Duhigg, a journalist for The New York Times, published an article on Medium about how companies like iD Tech are not properly protecting user data. He points to a recent breach at the company where over 1 million customer records were compromised. iD Tech has yet to acknowledge the breach or notify parents of their children’s data being put at risk. This raises questions about the adequacy of their security measures and whether they are really doing all they can to protect user data.
The data breach of iD Tech that occurred in February put millions of personal details at risk. The company is believed to have been hacked on January 3, and the data theft was not discovered until February. This means that individuals whose information was stolen may not have known about it until after the fact. The company has yet to release a statement addressing the matter and has promised to pay anyone affected by the breach.
The hacker said they stole the data in order to embarrass parent companies into upgrading their security. “We feel that these companies should be held accountable for their actions and negligence in securing user data,” the hacker said. In a message to parents, iD Tech acknowledged that some of their user information had been stolen, but said there was no evidence that any credit card numbers or other personal information had been exposed.
The majority of parents who have been affected by the data breach at Gibson Dunn law firm learned of the breach through various notification services, like Have I Been Pwned. Although the notification services were able to obtain information about hundreds of families affected by the breach, some parents only found out as recently as March 6 when data breach notification services like Have I Been Pwned obtained the data and sent out notifications to affected families. Those who discovered their information was included in the breached data may have noticed suspicious activity on their accounts or devices that they use regularly. Some may have also seen unwelcome pop-ups or notifications from Firefox or device security software warning them that their information had been compromised.
The parent learned that their data, including gender and billing information, as well as some health data like immunizations was stolen by iD Tech. They are now wondering how much of their personal information other parents have shared with the company.
In order to be eligible for a data breach notification under the Children’s Online Privacy Protection Act (COPPA), a website must meet certain requirements. These include ensuring that any personal information collected from users is not publicly available, and linking any personally identifiable information (PII) to an individual only if the user has provided their consent. One requirement that is less well-known is that breached data must relate to the date of birth of the child
The parent was not pleased with the response that they received from iD Tech after learning of their account being hacked. The parent contacted the company to inquire about notification, and iD Tech claimed that it had already notified affected account holders. The parent was skeptical of this claim, as they believed that more information should have been provided.
It’s unclear exactly how many iD Tech account holders were affected by the data breach, but it appears that a significant amount of personal information was accessed. Whether or not iD Tech has informed any of those affected is unknown, and it’s possible that some may have been unaware of the attack until now. The company should take measures to ensure that everyone impacted by this breach is aware of what happened and has access to help resources.
One possible reason why iD Tech has not publicly acknowledged the breach is that they believe it is too late to prevent data theft. In a communication sent to parents, the company claimed that they detected “suspicious activity” on August 10th and began investigating. However, because their investigation was ongoing at the time of the breach, it is possible that further damage has been done. Additionally, because notification laws vary from state to state, iD Tech may be unaware if their breach has been reported to offices of state attorneys general.
The sender of the email declined to provide their name for this story, but did say that they work for an unnamed generic company that is concerned about the safety of its users. They justified their refusal to comment by saying that they are still investigating the matter.
Sports Illustrated’s Jonathan Jenkins unearthed an email exchange between Ingram and Former Oregon State head coach Mike Riley in which Ingram discusses using Riley’s system at Alabama. In the exchange, Ingram explains that he wants to play for a “system