"Kids Tech Camp iD Tech Still Silent Weeks After Data Breach"

Parents are still looking for answers weeks after hackers stole the personal data of thousands of users from kids' tech coding camp iD Tech.  Many parents fear their children's data was compromised during the data breach.  iD Tech, which provides on-campus classes and online tech and coding courses for kids, has yet to acknowledge the breach or notify parents.  News of the data breach broke in February after a hacker on a cybercrime forum claimed to have hacked iD Tech a month earlier on January 3.  The adversary claimed to have stolen close to 1 million user records, including names, dates of birth, passwords stored in plaintext, and about 415,000 unique email addresses, which iD Tech did not dispute when reached by email.  That can equate to each parent's account having one or more kids in classes at the tech camp.  Some parents only found out as recently as March 6 when data breach notification services like Have I Been Pwned obtained the data and sent out notifications to affected families.  Other parents found out when other services, like Firefox or their device security software, notified them that their information was found in the breached data.  After learning of the breach from a data breach notification service, one parent told TechCrunch that the stolen information is only a portion of the data that iD Tech collects on account holders and the children who use its platform, including gender, billing information, and some health data, like immunizations.  The parent said that the breached data must relate to the child's date of birth because they never provided their own.  The parent said that iD Tech has not yet notified them of the breach.  When the parent contacted the company to inquire, iD Tech claimed it had already notified affected account holders.  According to TechCrunch, iD Tech has not publicly acknowledged the breach, either on its website or any of its social media channels.  And there's no evidence that iD Tech has notified affected account holders of the breach, either.  When reached by email, iD Tech CEO Pete Ingram-Cauchi declined to explain why the company hasn't publicly acknowledged the breach.  When asked, Ingram-Cauchi refused to provide a copy of the communication that iD Tech claims to have sent to parents.  The company declined to say if the breach had been reported to offices of state attorneys general per data breach notification laws.  Instead, iD Tech provided a brief statement from a generic company email address, declining to comment, citing its ongoing investigation.

TechCruch reports: "Kids Tech Camp iD Tech Still Silent Weeks After Data Breach"