Regulators Investigate Root of VTech Hack

There?EU?s no new insight from VTech into the data breach that was initially thought to have affected 5 million user (parent) accounts. But the electronic toy maker (Image: VTech InnoTab MAX) is working with Hong Kong regulators to determine the root of the hack, which also leaked information about children.

The database of the company?EU?s Learning Lodge app store, which allows customers to download apps, e-books and learning games, was breached on November 14 HKT (Hong Kong Time). The hack was discovered on November 24 HKT and customers were notified on November 27 HKT.

In an update today (December 2 HKT) on its FAQ page, VTech said that in addition to the 5 million user accounts, nearly 6.4 million child profiles were exposed in the data breach -- the majority of them in the U.S. According to VTech, 2,212,863 U.S. parent accounts and 2,894,092 U.S. child profiles were exposed.

"In total 4,854,209 customer (parent) accounts and 6,368,509 related kid profiles worldwide are affected, which includes approximately 1.2 million Kid Connect parent accounts. In addition, there are 235,708 parent and 227,705 kids accounts in PlanetVTech. Kid profiles unlike account profiles only include name, gender and birthdate," the company said.

Hong Kong?EU?s Office of the Privacy Commissioner for Personal Data (PCPD) has launched a compliance check on the data leak to find out whether VTech took the appropriate steps to safeguard personal data before the breach -- and what remedial actions the company has adopted to avoid similar hacks in the future.

Who?EU?s To Blame?

?EU?PCPD will take appropriate actions in light of the results of the compliance check and make recommendations with a view to assisting VTech to comply with the Personal Data Ordinance and protecting the personal data of general public,?EU? said Stephen Wong, the privacy commissioner for personal data, in a statement.

The investigation could...

Comments are closed.