You can replace a credit card after a data breach; you can change your passwords, login ID and all of your security questions to try and protect yourself. But, what if the data breach involved your child’s personal information and information about your family? Well then, things hit closer to home.
Last week, VTech, a large children’s toymaker worth almost $2 billion in revenue, became the latest company to disclose that it has been the victim of a huge security breach. The hackers compromised the personal information of millions of customers, including children. On November 14th, the company’s “Learning Lodge” app was the target of the breach.
The app is an online storefront where VTech users can use it to download children’s games, e-books, apps, videos and educational materials. The breach exposed identifying information about VTech customers’ children such as age, gender, home address, and even photos and chat logs. The information also exposed who the parents of the children were and their home address. The company has stated that no personal information, such as social security numbers, and no debit or credit information was stolen. However, that may be of little comfort to the parents of the children identified in the hack.
VTech was initially unaware of the data breach. The massive security failure was uncovered and revealed by Lorenzo Bicchierai of Motherboard and Troy Hunt, a software expert and tech blogger. The hacker reached out to Bicchierai and provided him with the stolen data. Hunt utilized the stolen data to expose the extent of the personal information leaked by the breach. In order to do so, Hunt used the ‘Have I Been Pwned’ (HIBP) service to verify the stolen addresses. HIBP notifies you when, or if, your account has been hacked.
After verifying that the accounts had been hacked, Hunt and Bicchierai unsuccessfully tried to reach out to VTech for days. Finally, VTech responded to Bicchierai by saying that they had “discovered the breach and had immediately made modifications to the security settings on the site to defend against any further attack.”
VTech has announced that the security breach has affected 4.8 million parents and 200,000 children. The hacker, who has request anonymity, claims that he has no plans to use the data in a malicious way. The hacker explained how easy it was to access the information, and how someone with nefarious motives could easily acquire it and sell it online. Now, two U.S states, Connecticut and Illinois plan to launch thorough investigations of the breach.
If you are a customer of VTech’s product Learning Lodge, your family’s personal information may have been compromised. Contact Morgan & Morgan to learn more about your legal options.