Vtech data breach puts children’s data at risk

My kids are all past the VTech stage, but we have owned our fair share of VTech technology and educational toys over the years. It’s safe to say there’s a pretty good chance that I–and possibly one or more of my children–have a dormant account sitting idle on the VTech servers that may have been compromised in this attack.

I wrote about the VTech data breach and the impact of compromising personally identifiable information of children:

VTech, a company dedicated to making technology and educational toys aimed at young children, revealed that it was recently compromised by hackers. According to areport from the BBC, the attack occurred on November 14 and exposed sensitive information of up to five million VTech accounts.

According to VTech the attack exposed “general user profile information.” That includes things such as names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories. A compromise of this sort of personally identifiable information (PII) is a problem for users of any age, but it’s particularly concerning that children who haven’t yet entered kindergarten already have their data hacked.

It also represents a greater risk of identity theft. Identity theft and credit fraud of adults often raises red flags that allow victims to detect it. The victims in this case, however, won’t even be thinking about applying for credit or setting up a bank account for years—possibly a decade or more. By the time they try to open a line of credit they may discover that their credit score has been destroyed long ago by identity thieves.

“Hardly a day passes now without a breach of some sort, and it makes those of us embedded in the security and data protection world wonder when organizations will demonstrate a sense of urgency,” proclaimed David Gibson, VP of strategy and market development at Varonis.

Gibson stressed that most organizations and individuals are still struggling to get the basics of security and data protection right, and there is still too much focus on keeping the bad guys “outside” the network through perimeter defenses. “Instead of pouring all of your energy into building a very high, very strong fence, spend more time making sure that once someone is inside, their activities will be observed and controlled. Just because you have a great lock on your front door doesn’t mean that cameras and motion sensors aren’t also a good idea. Similarly, monitoring user access and analyzing it properly will help organizations identify attackers on their network and hopefully mitigate any damage.”

Check out the complete story on CSOOnline.com: Vtech hack exposes personal information of millions of customers.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
Related Post