When Cybercrime Hits Home: VTech Hack Exposes Personal Information of Children

by Matt Klassen on December 2, 2015

Late last week the world was shocked by the news that children’s technology firm VTech had been hacked, and the information of millions of parents and children had been exposed…or at least we should have been shocked. Granted there has been adequate news coverage of this potentially devastating cybercrime, but what I’ve noticed is a rather muted, almost apathetic response from the general public, as if exposing the personal information of our children was simply par for the course in this digital age. But I digress.

According to a press release from VTech on Friday, the company has confirmed that its Learning Lodge app store had been breached on November 14, 2015, and that some measure of personal information (names, emails, addresses, encrypted passwords, IP addresses among other things) was stolen. The company assured its customers that no financial data, such as credit card information, was taken.

That said, while the financial ramifications of this hack are relatively minor compared to other corporate hacks of late, this particular cybercrime stands out in that reports indicate that the information on upwards of 200,000 children was exposed, including names, genders, and birthdays (and now reports of photos and communications as well), meaning that repeated assurances that no credit cards were harmed during the making of this hack strikes me as hollow succour indeed.

Let’s be honest here, at its core this isn’t the worst cyberattack in history, far from it in fact, but given that the personal information of children was stolen, it seems to ratchet up the creepiness factor higher than attacks that have had a larger financial impact.

While VTech has been quiet about the exact number of those impacted, Motherboard, who first reported the hack, put the number at just under 5 million. Not only that, but according to security analyst and blogger Troy Hunt, there are some seriously disturbing possibilities of how this information might be correlated and utilized.

“When [the information contains] hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say ‘Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)’, I start to run out of superlatives to even describe how bad that is.”

What’s more, VTech seems relatively nonchalant about both its protection (or lack thereof) of this information to date and the potential vulnerability of children caused by this hack. As ZDNet’s Larry Dignan writes, “VTech’s emphasis that credit card data wasn’t impacted seems a bit tone deaf considering that kids’ data appears to have been compromised. VTech should have addressed whether children data was also breached.”

Simply put, while financial data appears to be safe, there is still significant reason to be concerned about the VTech hack, particularly given that until now children had been largely kept at arms length from this ongoing cyberwar. Now, however, children are among the victims, and what is the most disappointing is that VTech has shown a disturbing lack of care regarding protecting the information of our kids, and an air of nonchalance about it being stolen.

Did you like this post ? TheTelecomBlog.com publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. www.digitcom.ca. Follow TheTelecomBlog.com by: RSS, Twitter, Facebook, or YouTube.

Previous post:

Next post: