NEWARK — A California company will shut down its fashioned-theme teen website to resolve allegations by New Jersey officials that the company improperly collected personal information from more than 2,500 children in the state, which was then compromised in a data breach.
According to New Jersey Attorney General Gurbir Grewal and the New Jersey Division of Consumer Affairs, Unixiz, Inc., which operated the "i-Dressup" website, failed to safeguard user information it obtained from children without verifying parental consent in violation of the Children's Online Privacy Protection Act. The information was then hacked during a 2016 data breach, the Attorney General's Office said.
“Children are extremely vulnerable on the Internet, and we must do all we can to protect them from being exploited by advertisers or tracked by Internet predators,” Grewal said in a statement. “We are committed to vigorously enforcing state and federal privacy protections and we will do everything we can to ensure that website operators comply with their duty to provide an extra layer of security on sites catering to young children.”
According to the New Jersey Division of Consumer Affairs, of the more than 24,000 i-Dressup accounts of New Jersey residents that were compromised, more than 10,000 were under 18.
Unixiz also has agreed to pay civil penalties and to put verifiable parental consent measures on all its company-operated websites which collect children's information, the Attorney General's Office said.