A 21-year-old man was recently arrested in the United Kingdom for alleged involvement in a November cyber attack on electronic learning products manufacturer VTech. The suspect, who is as yet unnamed, is being investigated by the South East Regional Organised Crime Unit (SEROCU) in Bracknell, near London, on suspicion of facilitating unauthorized access to data.
According to a press release on VTech’s corporate site, the November data breach exposed the private information of more than 4.8 million customer (parent) accounts and 6.4 million child profiles. Since the affected site—Learning Lodge—did not contain credit card or other financial information, the hacker was only able to obtain basic user account information. Learning Lodge has been temporarily disabled as the incident continues to undergo investigation.
“Cyber criminality is affecting more and more businesses around the world, and we continue to work with our partners to thoroughly investigate often very complex cases,” said Craig Jones, head of the Cyber Crime Unit at SEROCU. “We are still at the early stages of the investigation, and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offenses and hold them to account.”
As consumers continue to purchase connected devices for their homes (aka the Internet of Things), new security risks—from identity theft to data compromises—must be acknowledged and understood. The VTech data breach incident isn’t the only toy privacy concern to make the news this season: a November 26 article in The Guardian reported on potential vulnerabilities exhibited by Mattel’s Wi-Fi-enabled Hello Barbie. Hello Barbie has been advertised as the first “interactive” doll; it can listen to a child’s voice, send that data away for processing, and respond via audio. Matt Jakubowski, a US security researcher, revealed that once a hacker possesses the doll, the privacy features could be overridden. The hacker could then gain access to other connected devices and steal personal data.
Image credit: VTech
