The makers of a high-tech, talking Barbie doll have been hit with a class-action suit by parents who say a security flaw with the toy has allowed hackers to compromise their children’s privacy.
In the wake of reports that the “Hello Barbie” doll collects personal information that can easily be obtained by hackers, attorneys in Los Angeles Superior Court on Monday filed a suit against Mattel, ToyTalk and kidSAFE, an independent company that ensures toys adhere to provisions of the Children’s Online Privacy Protection Act, or COPPA.
Michael Kelly, an attorney for two women leading the suit, told Courthouse News that the latest claim “should not be mistaken for a frivolous complaint over a toy.”
“Providing hackers, who know no bounds in their invasive activities, with potential interactive access to any child or adult who is in proximity of a doll, is a very serious matter, and dictates the very highest safeguards and warnings available,” the lawyer said.
Security researcher Matthew Jakubowski told NBC News last month that digital information collected by the doll is stored remotely on the cloud and can be compromised to allow an unauthorized person to access sensitive information that should have been protected.
“I was able to get some information out of it that I probably shouldn’t have,” Mr. Jakubowski said, including system information, Wi-Fi configuration settings and other unique data that could be traced back to a particular doll.
“You can take that information and find out a person’s house or business,” he said. “It’s just a matter of time until we are able to replace their servers with ours and have her say anything we want.”
In turn, the parents behind this week’s suit allege people who bought the doll have suffered from “emotional distress, loss of privacy and overpayment,” their complaint claims.
Mattel and ToyTalk, the company behind the technology that allows the doll to interact, have said the toy is secure, but the plaintiffs allege in their suit this week that kidSAFE has yet to certify the doll or its software as COPPA-compliant and accuse the companies involved for making “false and misleading” representations to the contrary.
“Further, as award-winning and leading toy manufacturers, ToyTalk and Mattel have a duty to take all reasonable measures to protect the personal information they collect from children,” the complaint states.
“Hello Barbie is certified as COPPA compliant by kidSAFE, a children’s privacy certification program approved by the U.S. Federal Trade Commission,” a representative for ToyTalk told Courthouse News. “Because the claim is pending, we have no further comment at this time.”