In a November 30, 2015, press release, updated on December 3, 2015, in an online posting of Frequently Asked Questions VTech, a maker of digital, internet-connected toys, announced an unauthorized party accessed its Learning Lodge app store database. VTech disclosed that more than 5 million of its customer (parent) accounts, and 6 million related kid profiles were affected. Of that number, more than 2 million parent accounts, and approximately 2.9 million kid profiles, are associated with its United States customers.
VTech said none of its customers' credit card data was stored or accessed. However, VTech advised that its compromised customer database included parent names, email addresses, passwords, and secret question answers, and children's names, gender and birthdates. VTech confirmed that the breach extended to its Kid Connect service, which allows parents using a smartphone app to chat with their kids using a VTech tablet. However, because its investigation is ongoing, VTech cannot confirm at this stage whether photos and chats of children and their parents have been taken.
According to one data security professional, by linking the compromised data the hacker(s) may be able to identify the name, age and address of thousands of children.
The VTech data breach is a reminder that any information you provide online is at risk. As you make holiday purchases, especially toys for your children or children of others, be especially mindful of the personal information you disclose when setting up an account, registering a product, etc.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.