VTech Has Yet to Put a Price on Hack, Chairman Says

8 Dec 2015 | Author: | No comments yet »

At School And At Home, How Much Does The Internet Know About Kids?.

As Hong Kong reels from last month’s hacking of kid’s technology maker VTech, global telecoms experts say the city is still one of the world’s leading lights in terms of the importance it places on protecting data privacy. “Hong Kong is at or near the top of the list in addressing the cyber security privacy questions,” said Thomas Dailey, chief international legal and regulatory officer at Verizon. In late November, the maker of learning products for toddlers disclosed that an “unauthorized party” hacked into its database and stole information including the names and birth dates of 6.4 million children and 4.9 million adults as well as headshots and chat messages.Parents who gave their child a Kidizoom smartwatch or a VTech InnoTab tablet may have exposed them to identity theft after Hong Kong-based VTech said hackers stole the personal information of more than 6 million children.

Almost half the accounts hacked were in North America, VTech’s top market, which contributed nearly half of the company’s $928 million revenue for the six months ended September. The breach underscores how digital products aimed at kids often have far weaker security than other computer products, and may pose a threat to a booming industry. Moreover, it recently ushered in a new Innovation and Technology Bureau, which is expected to pitch in with such issues as cybersecurity. “The government attaches great importance to data protection, in particular protection of personal data,” said a spokesperson from the office of Hong Kong’s chief information officer.

VTech says its education websites, which include an app store for learning games, e-books and other educational content, have been suspended since Nov. 29 as the company investigates the breach. “Certainly there is financial impact to us in this whole incident by not having the service online before Christmas, but our top priority is on getting the data secured,” Mr. Still, it’s a warning for people who don’t understand how much data and sensitive information is in a child’s toy. “The last thing you would ever imagine is that a toy manufacturer would lose your child’s identity,” said Liam O’Murchu, a Symantec Corp. researcher known for his work dissecting complex malware produced by nation states. “This shows that it’s harder and harder to do things safely online,” he said.

In the middle of November, VTech’s customer database was broken into, which exposed five million customer accounts, mostly belonging to parents, and the profiles of nearly 6.4 million kids worldwide. VTech said the hackers compromised its Learning Lodge app store, which provides content for children’s tablets, and its Kid Connect mobile app service that lets parents communicate with those tablets.

It included all information related a family as an email address, password, the home address of parents, first names, gender and birthdays of the children. Dailey said most data breaches like this are not caused by “brutal force” attacks that require sophisticated technology or strong computational power. New York-based Rosen Law Firm is seeking class-action status in a lawsuit on behalf of U.S. buyers of VTech devices who used the company’s online services. Joe Barton (R-Texas) sent a letter to VTech, wanting to know if the company is complying with a law called the Children’s Online Privacy Protection Act.

Toys that gather data on the user, like VTech’s line of cameras, watches and tablets and their associated websites, will grow by 58 percent annually, according to Juniper. The company claimed that there was a hacker behind this attack, but that hacker refused to accept anything like this and negated by saying that he was not behind this hacking attack.

That category includes dolls like Mattel Inc’s recently introduced Hello Barbie, which connects to home wireless networks and communicates with servers to enable conversations by uploading audio and getting responses from the cloud. Vtech sells children’s tablets, electronic devices for learning, toys and other baby monitors as well though the record didn’t include information regarding payment, credit cards, social security cards or driver license numbers. A nonprofit advocacy group called Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission over Google’s data mining practices.

More than half of classroom computers in the U.S. are Chromebooks and many students and teachers are using Google Apps For Education, a group of tools that include Gmail, Google Calendar, Google Docs and the purpose-built Google Classroom. If it had contained other personal information, it would have been a bigger theft and company might have faced problems by seeing itself in deep waters. Anya Kamenetz of NPR’s Ed Team and Lorenzo Franceschi-Bicchierai, a staff writer for the tech news website Motherboard who has reported on the VTech data hack, spoke to All Things Considered about the issue of children’s privacy. Wong said he and his team spent the days after learning about the breach on Nov. 24 verifying and assessing the hack before informing users Nov. 27 and suspending online services two days later.

It is also reported that the focused database didn’t have any type of installment data, charge card data, Social Security numbers or drivers license card numbers. Other information, including names, birth dates and genders, wasn’t encrypted, VTech said, and neither credit-card information nor social-security numbers were breached. He analyzed it (the data) a little bit further, and he realized that you could actually link the two databases, and basically figure out who the kids were. Last week, VTech said it has hired Mandiant, a cybersecurity forensic team from computer-security firm FireEye, FEYE -4.09 % to investigate the hack and improve security. Wong, who has a 3-year-old grandson, said he sympathizes with parents concerned over having sensitive information about their children leaked, but that it is unrealistic to bar children from the Internet.

Rather, the industry must ensure that online toys and games are as secure as physical ones, he said. “This case shows that the concept of a data breach is not just one that concerns a large bank or government agency,” said Jonathan Fairtlough, managing director at cybersecurity investigator Kroll. “If a company has any data about its customers, there is the possibility it may be exposed.” When you or I are logged in to Google, whether we’re using search, or Maps, or gmail, we have one account and that’s following us around — sometimes literally in the physical world — and it’s collecting information.

When you’re logged in and using Chrome, which is their web browser, Google can actually, with permission, track your entire browsing history, every site you visit.

Here you can write a commentary on the recording "VTech Has Yet to Put a Price on Hack, Chairman Says".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site