The company said the security breach hit its Learning Lodge online store Tuesday, where customers can download apps, ebooks and games.
Advertisement
Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children.
The COPPA regulation relates to ensuring consent to collect data for the most part, but the rule is quite specific about limiting the disclosure of information, Bower said.
Parents of children who use the popular VTech brand of toys and electronics should rush to change passwords.
In trying to limit the damage and ease the concern of clients, VTech released a statement saying that no financial or payment details had been stolen. However, the attack did expose VTech’s inadequacy to protect its IT infrastructure and customer data.
Their parents’ data included name, mailing address, email address, secret question and answer for password retrieval, IP address, download history and encrypted password.
It’s unclear why the company was storing this data on its servers.
VTech says hackers may have stolen millions of their customers personal information.
A total of around five million customer accounts and, according to Motherboard, that first reported on the breach, more than 200,000 kids have had their information compromised as well.
The affected database doesn’t contain any credit card numbers or personal identification information such as Social Security or driver’s license numbers, VTech says.
VTech promotes its Kid Connect service as a way for kids to safely join in digital communication, but the hacker claims he found tens of thousands of pictures of children and their parents, as well as chat messages and some audio files. Hunt believes that users should not expect that VTech has shored up the breach yet. “Upon discovering the breach, we immediately conducted a comprehensive check of the affected site and have taken thorough actions against future attacks”, the company said in a statement on their website.
Advertisement
Chat logs between parents and children were also inappropriately accessed, as well as photos of children, according to Motherboard.
