Parents are growing increasingly frustrated as iD Tech, the tech and coding camp provider for kids, has yet to acknowledge a data breach that occurred on January 3, 2023.
A hacker claimed to have stolen close to one million user records, including names, dates of birth, passwords stored in plaintext and about 415,000 unique email addresses.
That could equate to each parent’s account having one or more kids in the camp. The company has yet to notify parents or publicly acknowledge the breach.
Some parents only found out in March when data breach notification services, such as Have I Been Pwned, obtained the data and sent out notifications to affected families.
Other parents found out when Firefox or their device security software notified them that their information was found in the breached data.
One parent, who learned from a breach notification service that their data had been stolen, said the breached data must relate to the child’s date of birth because they never provided their own.
The parent also said that the stolen information is only a portion of the data that iD Tech collects on account holders and children who use its platform, including gender, billing information and some health data, such as immunizations. The parent has not yet heard from iD Tech regarding the breach.
When the parent contacted the company to inquire, iD Tech claimed that it had already notified affected account holders, but there is no evidence to support this claim.
When reached by email, iD Tech CEO Pete Ingram-Cauchi declined to explain why the company has not publicly acknowledged the breach or provide a copy of the communication that iD Tech claims to have sent to parents.
The company has not reported the breach to state attorneys general, either. iD Tech provided a brief statement from a generic company email address declining to comment, citing an ongoing investigation.
