Hacking of Hong Kong’s VTech may prove worst cybersecurity breach of 2015 in Asia

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.scmp.com/tech/social-gadgets/article/1889330/hacking-hong-kongs-vtech-may-prove-worst-cybersecurity-breach

The massive hacking of customer accounts at Hong Kong-based educational toy
maker VTech, which left more than six million children’s profiles exposed,
may have been the worst cybersecurity breach in the Asia-Pacific this year.

“If we made a top-five list today, VTech would place first on the list for
the Asia-Pacific based on the reported number of accounts affected,”
Forrester Research senior analyst Heidi Shey said.

The VTech incident last month compromised 4.8 million parent accounts and
6.4 million related children’s profiles on the company’s Learning Lodge app
store customer database and Kid Connect servers.

Also affected were 235,708 parent and 227,705 children accounts at the
company’s Planet VTech online games platform.

That was worse than the data breach at Japanese online shopping mall
operator Rakuten in April, when the identification and passwords of about
five million customers were stolen.

A recently published Forrester report showed the Rakuten incident was
listed as the top corporate data breach in the Asia-Pacific over the past
12 months. Details of the VTech hack were only released last week.

VTech chairman Allan Wong Chi-yun said he blames an “orchestrated and
sophisticated attack on our network” for the incident, which ranks as the
largest known targeted hack on children’s data worldwide.

Hong Kong’s privacy commissioner Stephen Wong Kai-yi last week said an
investigation had been launched into VTech’s system of collecting personal
data and the safeguards used to protect that information.

The company said it was cooperating with law enforcement worldwide to
investigate the incident, and has hired US cyber forensic firm Mandiant to
help in that effort.

Companies in mainland China and Hong Kong are forecast to remain under
siege from growing cyberattacks as the number of data breaches in those two
markets escalated this year.

The average number of detected cybersecurity incidents on the mainland and
the city increased 417 per cent to 1,245, up from 241 last year, according
to a new survey by global professional services firm PwC.

“Today, we are witnessing attacks from all angles, but the industries
facing the most impact include consumer, retail and technology,” Kenneth
Wong, PwC China and Hong Kong’s cybersecurity leader, said on Thursday.

Customer data, internal records and intellectual property were the most
targeted data in detected cyberattacks in mainland China and Hong Kong,
according to the PwC survey.

Respondents reported a 64 per cent rise in security incidents that
compromised customer records, much steeper than the global average increase
of 35 per cent.

The average total financial loss due to cybercrime for companies on the
mainland and Hong Kong was up 10 per cent to US$2.63 million, compared with
US$2.4 million in the survey last year.

Wong pointed out that the numbers from its survey will likely be
conservative because many companies rarely publicise cybersecurity
incidents in their operations.

Respondents also said current and former employees were the source of half
of all the detected data breaches security in the survey.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!