With all eyes on “smart toys” this holiday season and questions in the air around the potential risk to consumers who opt to dive into the world of artificial intelligence, news out of Hong Kong is not looking good.
This past Friday (Nov. 27), Hong Kong-based VTech Holdings, seller of children’s tablets, electronic learning toys and baby monitors, announced that it had been the victim of a cyberattack on Nov. 14. Reuters reported that data from the online Learning Lodge portal, run by VTech and used by consumers to access children’s games, eBooks and other educational content, was compromised in the attack.
Although the company has not disclosed how many records were accessed, some media outlets were reporting that content linked to 4.8 million parents and more than 200,000 children was taken from the site by the cybercriminals. The data breached included parents' full names, email addresses, passwords and home addresses. The first names, gender and birthdays of children who have accessed the site were also reportedly taken.
In a statement issued by VTech, the company clarified that its customer database does not contain any credit card data and that any transactions completed in order to access content in the Learning Lodge portal were handled through a secure third-party payment gateway. It did acknowledge that encrypted passwords, secret questions and password retrieval information, as well as IP addresses and download histories, were housed in the database and potentially compromised during the breach.
It also sought to reassure customers, saying “upon discovering the unauthorized access, we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.”
VTech was alerted to the attacks by a journalist on Nov. 23 and began to investigate, quickly confirming the attack.