VTech says 6.4 million kids affected by recent hack

VTech Holdings Ltd., the Hong Kong maker of digital learning toys and cordless phones, said Tuesday that information about at least 6.4 million children had been exposed in a recent data breach. The database contains user profile information such as name, email address, password, IP address and mailing address.

As if it were some kind of consolation for now anxious parents, VTech says that the “database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers)”.

VTech is a Chinese company that sells educational toys such as tablets, phones, smartwatches and baby monitors for kids as well as ebooks, games and apps for its electronic products.

It’s unclear why VTech was targeted, but attorneys general in IL and CT announced that they will investigate the incident.

Vtech have not provided any information on why these photos and also the chats were actually stored on their servers, we suspect there are going to be a lot of unhappy parents.

Customers affected by the database breach include those residing in the United States, Canada, UK, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia, and New Zealand, the company says.

The breach took place on November 14 and was discovered 10 days later.

This time, hackers gained access not only to children’s names, birthdates, genders, but their pictures as well.

“Due to a breach of security on our Learning Lodge website, we have temporarily suspended the site”, said a message on the Learning Lodge site Monday. However, the data obtained by the hackers could potentially be combined with additional personal information on the victims and then used to create detailed profiles.

The COPPA regulation relates to ensuring consent to collect data for the most part, but the rule is quite specific about limiting the disclosure of information, Bower said.

Thirteen other Vtech services have been taken offline by the company as a precautionary measure.

Security expert Troy Hunt said that all communication through the app was unencrypted, meaning that when a hacker got access to the database all of the information could be read.