In the last month, there have been several cases of hackers gaining access to indoor home-security cameras. In one case, a hacker called the child of a biracial couple a baboon. In another case, a hacker told a child that he was Santa Claus and called her a racial slur.

“The more all of this data goes on the cloud, the more vulnerable we are,” Dr. King said. “If the company isn’t necessarily practicing the best security practices you can do all you can and you’re still going to be exposed.”

The United States has yet to enact a consumer data protection law and an independent agency to enforce it. Americans have the Federal Trade Commission, an agency that oversees policy privacy but has increasingly failed to police tech companies.

“The F.T.C. is an old agency and they don’t have the same rule-making authority that an agency like the Environmental Protection Agency has,” Dr. King said.

Some senators have tried to create a space for consumer data to be protected by the F.T.C. In October, Senator Ron Wyden, Democrat of Oregon, introduced the Mind Your Own Business Act. The bill would allow the F.T.C. to impose fines for privacy violations and would make it a crime for companies to lie to regulators about their data practices.

While Congress has not yet passed federal legislation to provide consumers with protections against data breaches, all 50 states and D.C., Guam, Puerto Rico and the U.S. Virgin Islands have enacted laws that require companies like Wyze to make their customers aware of data breaches that involve their personal information, Riana Pfefferkorn, the associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, said in an email Monday.

“In recent years an increasing number of states have enacted data security laws as well,” Ms. Pfefferkorn said. “Those laws require entities that hold personally identifiable information about a state’s residents to make reasonable efforts to secure that information — to prevent a breach from happening in the first place.”