Kids tech camp iD Tech remains silent weeks after data breach
Parents are still looking for answers weeks after hackers stole the personal data of thousands of users from iD Tech kids tech coding camp, with some fearing their children’s data could be compromised in the data breach.
iD Tech, which offers on-campus classes and online technology and coding lessons for kids, has not yet acknowledged the breach or notified parents.
News of the data breach broke in February after a hacker took part in a cybercrime forum claims having hacked iD Tech a month earlier on January 3.
The hacker claimed to have stolen nearly a million user records, including names, dates of birth, plaintext stored passwords and around 415,000 unique email addresses, which iD Tech didn’t argue when contacted by email. This may equal the count of each parent with one or more children in Tech Camp classes.
Some parents only found out on March 6 when data breach notification services like Have I Been Pwned obtained the data and sent notifications to the families concerned. Other parents found out when other services, like Firefox or their device’s security software, informed them that their information had been found in the hacked data.
A parent, who learned from a breach notification service that their data had been stolen, tells TechCrunch that the stolen information is just part of the data iD Tech collects about account holders and children. who use its platform, including gender, billing information and certain health data, such as vaccinations.
The parent said the hacked data must be linked to the child’s date of birth as they never provided their own.
The parent said iD Tech had not yet notified them of the breach. When the parent company contacted the company to inquire, iD Tech claimed that it had already notified the affected account holders.
Indeed, iD Tech has not publicly acknowledged the breach, either on its website or on any of its social media channels. And there is also no evidence that iD Tech notified affected account holders of the breach.
When contacted by email, iD Tech CEO Pete Ingram-Cauchi declined to explain why the company has not publicly acknowledged the breach. When asked, Ingram-Cauchi declined to provide a copy of the communication iD Tech claims to have sent to the parents. The company declined to say whether the breach was reported to state attorneys general’s offices in accordance with data breach notification laws.
Instead, iD Tech provided a brief statement from a generic company email address declining to comment, citing its ongoing investigation. The sender of the email declined to provide their name for this story.
Ingram-Cauchi did not respond to a follow-up email.