VTech Admits 6.4 Million Kids Affected In Massive Data Breach; Hong Kong Regulators Investigating Toy Maker

[Inga Goddijn <inga () riskbasedsecurity com>]

http://www.ibtimes.com/vtech-admits-64-million-kids-affected-massive-data-breach-hong-kong-regulators-2206752

Chinese toy manufacturer VTech announced it will work with Hong Kong data
regulators after hackers accessed information belonging to 6.4 million
children. That’s a big update after the Hong Kong-based company previously
said
<http://www.ibtimes.com/vtech-takes-learning-lodge-website-offline-after-hack-reveals-details-over-200000-2203642>
that attackers accessed data on approximately 5 million adults and
only 200,000 kids.

A statement posted on VTech’s website
<http://www.vtech.com/en/media/faq-about-data-breach-on-vtech-learning-lodge/>
Tuesday makes it clear that the 6.4 million children affected in the data
breach discovered on Nov. 24 far exceeds the 4.9 million parents. Hackers
accessed information including children’s names, gender and birthdates, the
company said, though Vice Motherboard also reported
<http://motherboard.vice.com/read/hacker-obtained-childrens-headshots-and-chatlogs-from-toymaker-vtech>
that pictures and chat logs were also left exposed. Initial reports suggest
it's the fourth-largest consumer data breach ever, with families across the
world potentially impacted.

“I’ve never seen a hack that affected children as much as this one,” Chris
Wysopal, co-founder of the cybersecurity company Veracode, told Reuters
<http://finance.yahoo.com/news/toymaker-vtech-says-data-6-193816486.html>
Tuesday. “This is sort of the Ashley Madison for children. People
unwittingly trusting their personal information in a company that wasn’t
equipped to handle it.”

Customers with the most data affected live in the United States, with
France, the United Kingdom, Germany, Canada, Spain, Belgium and the
Netherlands also affected in that order.

VTech is an international children’s toy maker that supplies young families
around the world with connected learning technology. Hackers gained access
to VTech’s Learning Lodge, an online portal where users register for
accounts and download apps and e-books.

Hong Kong’s Office of the Privacy Commissioner for Personal Data also
announced Tuesday it will conduct a “compliance check” to examine whether
VTech did enough to protect user data before the data breach. Punishment
for noncompliance can include fines in the thousands of dollars.

“VTech indicated that they would notify the PCPD formally about this data
leakage incident which involved data of 5 million customer accounts and
related kids’ profiles worldwide,” Stephen Wong, privacy commissioner at
the PCPD, said in a statement
<https://www.pcpd.org.hk/english/news_events/media_statements/press_20151201c.html>
Tuesday.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!