News of companies getting hacked has become pretty commonplace over the past year or two and we can now add another to the list. Toy maker VTech has been hacked with 5 million customer accounts being compromised as well as the data and activity of over 200,000 children. The Chinese company has taken their online learning center (Learning Lodge) offline after the security breach. Learning Lodge is where parents register VTech toys for their children so they can interact with the toys as well as play games, download apps, and other activities. An official statement was made by VTech and follows below.
VTech Holdings Limited today announced that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.
Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.
Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.
It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.
In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).
The investigation continues as we look at additional ways to strengthen our Learning Lodge database security. We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future.
If you wish to contact the company about this data breach and find out if you were affected you can contact the company at the following email addresses set up for different regions.
- US: email@example.com
- Canada: firstname.lastname@example.org
- France: email@example.com
- Germany: firstname.lastname@example.org
- Netherlands: email@example.com
- Spain: firstname.lastname@example.org
- UK: email@example.com
- Australia and New Zealand: firstname.lastname@example.org
- Hong Kong: email@example.com
- Other countries and regions: firstname.lastname@example.org