Maker of ‘smart’ sex toy pays price for data breach of users’ intimate preferences

PUBLISHED : Wednesday, 15 March, 2017, 3:10pm
UPDATED : Wednesday, 15 March, 2017, 10:06pm

The maker of a “smart” vibrating sex toy is paying the price for delving too deeply into the private activities of users, without protection.

The Canadian maker of the We-Vibe agreed to pay damages of US$3.75 million, or up to US$10,000 for each user whose intimate personal data was collected, in a settlement filed last week for a class-action lawsuit.

The We-Vibe, which can be controlled by a smartphone app, was promoted at the Consumer Electronics Show in Las Vegas as a device for couples, using technology to improve sexual experiences.

The class-action lawsuit was filed last year in Chicago alleging the parent company Standard Innovation collected “highly intimate and sensitive data” from its Bluetooth-connected app and uploaded the information to its servers in Canada.

According to the lawsuit, the company “intercepted” data such as each user’s “desired vibration intensity level” and vibration mode or pattern, without consent.

The company was also allegedly able to view the temperature of the device and communication sent in the “connect lover” mode designed to facilitate relations between a couple remotely, despite a promise of security.

The lawsuit was filed after security researchers at last year’s Defcon hacker event revealed security flaws in the vibrator’s mobile app that could allow data to be improperly accessed and could in theory allow someone to take control of the device.

The lawsuit alleged “a wholesale disregard for consumer privacy rights” and violation of several laws.

Under the settlement, users of the mobile app may receive up to US$10,000 and others who purchased the vibrator US$199, court documents showed.

In a statement, Standard Innovation said it was “pleased to have reached a fair and reasonable settlement” and added that “we take customer privacy and data security seriously.”

The company said it took steps in September to tighten security and give customers “more choice in the data they share.”