My kids are all past the VTech stage, but we have owned our fair share of VTech technology and educational toys over the years. It’s safe to say there’s a pretty good chance that I–and possibly one or more of my children–have a dormant account sitting idle on the VTech servers that may have been compromised in this attack.
I wrote about the VTech data breach and the impact of compromising personally identifiable information of children:
VTech, a company dedicated to making technology and educational toys aimed at young children, revealed that it was recently compromised by hackers. According to areport from the BBC, the attack occurred on November 14 and exposed sensitive information of up to five million VTech accounts.
According to VTech the attack exposed “general user profile information.” That includes things such as names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories. A compromise of this sort of personally identifiable information (PII) is a problem for users of any age, but it’s particularly concerning that children who haven’t yet entered kindergarten already have their data hacked.
It also represents a greater risk of identity theft. Identity theft and credit fraud of adults often raises red flags that allow victims to detect it. The victims in this case, however, won’t even be thinking about applying for credit or setting up a bank account for years—possibly a decade or more. By the time they try to open a line of credit they may discover that their credit score has been destroyed long ago by identity thieves.
“Hardly a day passes now without a breach of some sort, and it makes those of us embedded in the security and data protection world wonder when organizations will demonstrate a sense of urgency,” proclaimed David Gibson, VP of strategy and market development at Varonis.
Gibson stressed that most organizations and individuals are still struggling to get the basics of security and data protection right, and there is still too much focus on keeping the bad guys “outside” the network through perimeter defenses. “Instead of pouring all of your energy into building a very high, very strong fence, spend more time making sure that once someone is inside, their activities will be observed and controlled. Just because you have a great lock on your front door doesn’t mean that cameras and motion sensors aren’t also a good idea. Similarly, monitoring user access and analyzing it properly will help organizations identify attackers on their network and hopefully mitigate any damage.”
Check out the complete story on CSOOnline.com: Vtech hack exposes personal information of millions of customers.