For full functionality of this page it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser Cyber hack: The overlooked consumer product recall threat

Cyber hack: The overlooked consumer product recall threat

The Consumer Product Safety Commission’s (CPSC) recall announcement webpage reads like a horror house of hazards threatening the public, including burns, electric shock, drowning, strangulation, and fire.

But one threat that may frighten many consumers, and doesn’t necessarily yet rise to the level of a recall, is cybersecurity vulnerability.

The CPSC’s Recall Handbook states that companies must report products that “contain a defect that creates a substantial risk of injury to the public to warrant such remedial action.” But there are instances where security vulnerabilities with connected products have been exposed. In some cases, toys and other children’s products have been hacked, allowing the criminals to spy on children, track their movements, and even speak to them inappropriately.

At what point does this type of hacking present a “substantial hazard” warranting a recall as the CPSC requires? Hacking a medical device like a pacemaker can mean life or death. While a connected toy that’s mobile could pose a threat or inflict physical harm if commandeered by a hacker, these kinds of vulnerabilities usually don’t trigger a recall. In fact, in its notice of a public hearing, the commission said:

  • The consumer hazards that could conceivably be created by IoT devices include: Fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure. We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that the CPSC would address.

While cybersecurity vulnerability isn’t as high a priority for recall regulators, there are other regulations that might apply in helping to keep the public safe. The Children’s Online Privacy Protection Rule (COPPA), includes guidance from the Federal Trade Commission to clarify the law “can apply to the growing list of connected devices that make up the Internet of Things. That includes connected toys and other products intended for children that collect personal information, like voice recordings or geolocation data.”

Regardless of whether a product falls under these mandates, regulatory rules aren’t the only factors manufacturers must consider when it comes to product safety. Some retailers have stopped carrying children’s products that have reportedly been hacked, causing damaged brands and negative headlines across the country. And as far as most parents are concerned, these examples of hacking are very frightening. They may expect companies to recall vulnerable products – even if they are not technically required to do so.

Get Recall Updates and More

Stay on top of the latest in Recalls with Expert Solutions! Our Quarterly Recall Index insights keep you up-to-date with recall trends, while our blogs and Expert Spotlight provide timely information from industry specialists.

Subscribe Now
Stericycle ExpertSOLUTIONS

Stericycle Expert Solutions focuses on helping customers by providing proven, customer-centric, scalable services that protect people and brands, promote health and safeguard the environment.

Find Out More

Get In Touch

If you're ready to get started with our extensive suite of services then contact us today. We have a team of experts ready to assist you!

Contact Us today