Digital Toy Maker VTech Reports Customer Data Stolen

VTech, the company which specialises in electronic toys and educational material for children, has had its app store database, Learning Lodge, compromised in a recent cyber attack.  An unauthorised party accessed VTech customer data housed on the Learning Lodge on 14 November 2015.

Learning Lodge allows customers to download apps, learning games, e-books and other educational content to their VTech products.

VTech disclosed the attack in a statement on its website that did not say how many records were stolen. The news site 'Motherboard' reported that data belonging to some 5 million parents and more than 200,000 children were taken. The breach was confirmed by security analyst Troy Hunt, who verified a sample of the stolen data dumped on to the internet, which contained a wealth of customer information including the names, genders, birth dates and addresses of children.  Customers from all four corners of the globe have been affected by the breach.

Since the attack VTech has disabled 13 websites.  In an email to customers, the company said: "Upon discovering the unauthorised access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against further attacks."  The company stressed it was "important to note that our customer database does not contain any credit card or banking information" nor social security numbers.

Following this massive breach of data, the Hong Kong firm has suspended trading on the Hong Kong stock exchange whilst it investigates the full extent of the damage caused by the security fault.

This is the latest in a long line of data breaches that includes the recent TalkTalk hacks, which saw a database of millions of customers being accessed by hackers, leading to phishing attacks and scams.

Professor Alan Woodward, a cybersecurity expert at Surrey University, commented on the BBC News website that it looked like VTech may have been subject to a simple hacking technique known as an 'SQL injection', which is a special-purpose programming language designed for managing data.

"These breaches are endemic and we have to stop. If that means focusing the minds of these companies through big fines then so be it. It needs to be taken seriously and those responsible held to account," he told the BBC.

VTech are still to comment further on developments on the database hack.

If you are affected by any of the issues raised by this story please do not hesitate to contact the team of experts at McDaniel & Co. on 0191 2814000 or legal@mcdanielslaw.com