A company which specialises in electronic toys and educational material for children has revealed it has been the victim of a cyber attack.
Advertisement
The breach impacted customers of VTech’s app store, Learning Lodge.
The information that was included was profile info, which includes names, addresses, IP addresses, email addresses, history of downloads and secret answers to security questions.
The company noted that its customer database does not contain any credit card information or personal identification information such as social security number or driver’s license number. The data includes kids’ birthdays and home addresses, as well as their parents’ passwords and password hints. Also in the email, Pang attempts to reassure customers by pointing out that no credit card information was stolen, as it is not kept in the Learning Lodge database, but instead, in order to complete a transaction, consumers are taken to a third-party website.
Vtech, the giant toymaker, has been hacked and the hackers obtained information out of their customer data base.
“After confirming the facts surrounding the unauthorized access to our customer database, we informed our customers as swiftly as possible on November 27 HKT”, the company says in a FAQ.
Following the hack, VTech has stopped its trading activities on the Hong Kong Stock Exchange along with suspending 13 of its websites.
The site said it had spoken to the hacker who claimed to be behind the attack, who said he planned to do “nothing” with the data.
The silver lining is that the hacker said they did not intent to publish the data. Moreover, upon discovery of such fraudulent act, the company immediately conducted a thorough investigation. “We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future”, said VTech in a statement.
As what VTech calls “an additional precautionary measure”, the company has temporarily suspended Learning Lodge and additional websites for “security assessment and fortification”.
Information security experts say this is extremely worrying as it is the largest data breach to date concerning children, especially as it enables hackers to link them to their parents.
Advertisement
The database also reportedly held information about children’s birthdates, names and genders.
