Security Breach at Toy Maker Exposes Data on Children

• By Sydny Shepard
• Dec 01, 2015

A maker of digital toys for children said it had been hacked, putting the personal information of five million people, including children, at risk.

VTech, a Hong Kong company that sells tablets and other electronics as educational tools, said in a statement that its Learning Lodge database had been compromised in early November. Learning Lodge is an online store for VTech devices where users can download apps, games, e-books, videos and music, all geared towards children.

Hackers were able to retrieve adult’s profile information, including names, email addresses and passwords. They also obtained secret questions and answers for password retrieval, I.P. addresses, mailing addresses and download histories.

The compromised database also contained the names, gender and birth dates of children, which was a bigger concern to security researchers. The exposed data could allow someone to link a child to his or her parents and pinpoint the child’s physical address.

No credit card information was stored, the company said, and some of its websites were shut down as a precaution. Officials in Connecticut and Illinois said they planned to investigate the breach.

The hacking at VTech joins a growing list of prominent data breaches in recent years, including at major retailers like Target, websites like Ashley Madison and corporations like Sony.