VTech hack: Four crucial takeaways for every parent and CEO

2 Dec 2015 | Author: | No comments yet »

Hack exposes 6.4m kids’ data.

Educational toy maker VTech is expected to face intense legal scrutiny in the United States as more than six million children’s profiles, including nearly half from that country, were exposed by last month’s cybersecurity breach at the Hong Kong-based company. “VTech will most likely be subject to a number of class-action lawsuits in the US on behalf of parents who fear the damage they will suffer as a result of the data breach,” Paul Haswell, a partner at technology-focused international law firm Pinsent Masons, told the South China Morning Post.

Toymaker VTech will be investigated by several US states after a hack that exposed the private data of 6.4 million children, including photos and addresses. In an updated post on its website on Wednesday, VTech said there were a total of 4.8 million parent accounts and 6.4 million related children’s profiles affected by the hack of its Learning Lodge app store customer database and Kid Connect servers.

Around 10 million accounts have been compromised, and VTech says that 6.3 million of those include information belonging to children’s profiles on the toys. According to the company the stolen details include names, addresses, emails, IP addresses, secret questions and answers for passwords for the adult accounts.

People unwittingly trusting their personal information in a company that wasn’t equipped to handle it.” The company’s statement said the children’s profiles included only name, gender and birth date. It also ranks as the largest known targeted hack on children’s data worldwide. “No doubt VTech will seek to settle such claims as quickly as possible, but that may not save the company from the damage its reputation has suffered.” A VTech representative said the number of those affected in Hong Kong was “very small”, so the company lumped that into “others” in its breakdown. “The most upsetting part of this incident for the parents will be knowing that their children’s data is out there forever,” said Michael Gazeley, managing director at Hong Kong-based security services provider Network Box. The Hong Kong Privacy Commissioner Stephen Wong said his office had initiated a “compliance check” on VTech to see if the company had followed data privacy principles. Stolen data on their parents included name, mailing address, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password. In August, US retail chain Target agreed to pay US$67 million to settle claims related to a data breach in 2013 that compromised 40 million credit and debit cards.

Louise Bulman, a vice president at encryption and data security company Vormetric said: “VTech has joined the increasingly long line of organisations facing a rather bleak end to 2015, as it becomes the latest to suffer a high-profile data breach.” “What’s most concerning here is the nature of the information stolen – that which relates to children – and the varying reports over the level of encryption around the compromised data.” “The VTech breach highlights yet again that organisations should be focussing on making sure sensitive data remains protected when (not if) it falls into the wrong hands – and encryption is critical to achieving this.” Raj Samani, a vice president at Intel Security, said: “This attack on VTech adds to the numerous data breaches and hacks that have hit the headlines this year, leaving swathes of sensitive customer details, in this case the details of children, in the hands of criminals. “This Christmas, parents should take the time to understand how a toy connects and interacts with the online world, to make sure their child’s latest toy isn’t sharing sensitive information or broadcasting video to unknown viewers. They are amateurs in the field of security.” Seth Chromick, a threat analyst with network security firm vArmour said: “This breach is a parent’s nightmare of epic proportions. A different approach to security for all organisations is needed.” Chris Wysopal, co-founder of cybersecurity firm Veracode, said it could be a wake up call for families in the same way that the hack on infidelity website Ashley Madison exposed cheaters. Stolen records such as credit card details and personal information are available online for around £1 each, while records and photos of minors could be worth considerably more on the darkweb, experts say.

Here you can write a commentary on the recording "VTech hack: Four crucial takeaways for every parent and CEO".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site