Blumenthal & Blackburn Demand Answers from Toy Maker for Exposing Sensitive Data Involving Children to the Public

[Hartford, CT] - Today, U.S. Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) sent a letter to the Chief Executive Officer of Miko, Inc., launching an investigation into why the company exposed sensitive data involving children through an unsecured, publicly accessible dataset. This dataset reportedly contained thousands of responses to children's questions or instructions from the company's AI-powered toys, often including names and details of conversations.

The company took down the publicly accessible dataset after receiving the Senators' letter. Senators Blackburn and Blumenthal also sent letters to FoloToy and Curio Interactive, Inc. following up on their previous probe asking what safeguards these companies have in place to protect kids from sexually explicit, violent, or otherwise inappropriate content.

"As a toy manufacturer, the safety of children must be your highest priority," the senators wrote. "Toys powered by artificial intelligence raise serious concerns about the data privacy and security of American families, particularly when those products are designed for use by children. These technologies may enable the collection, retention, and monetization of sensitive data from children and their families, raising troubling questions about data mining practices and the use of that information. Children lack the ability to understand or consent to how their data may be stored, shared, or ultimately used without their knowledge. The risks are further exacerbated with chatbot features capable of generating inappropriate, manipulative, or emotionally coercive messages, particularly when those systems encourage prolonged engagement or make it difficult for children to disengage."

"Based on your responses, the staff of our offices conducted cybersecurity testing of a Miko 3 robot through a network capture of its communications with Miko, Inc. services," the senators continued. "On that preliminary testing, we found that Miko, Inc. had left accessible to the public what appears to be all of the audio responses of the toy, providing anyone the ability to download Miko's portion of thousands - if not tens of thousands - of discussions with children going back to December 2025. This basic cybersecurity lapse, and the toys' frequent communications back to Miko, Inc., call into question whether your company adequately protects the privacy and security of children's and the toy's data, and whether it engages in the data minimization practices promised in its response to our letter."

Click here to download the full letter to Miko, Inc.
Click here to download the full letter to FoloToy.

Click here to download the full letter to Curio Interactive, Inc.

-30-

• Print
• Email
• Share
• Tweet