21st Century Oncology Group Breach 
Advocate Medical Group Breach 
Affinity Health Plan 
126 Email Service 
000webhost.com 
17 Streaming App 
7K7K 
Equifax Data Breach 
Weebly 
Yahoo! 
NY Times Russian Cyber Breach 
Vivint In what seems to be a never-ending stream of cyber breaches, VTech appears to be one of the latest victims of a cyber attack. What makes this cyber attack unusual is that not only did the adults that purchased the interactive toy maker, VTech’s, products get breached, but also children’s profiles and information was compromised as well.
The hacker was able to access personal information, which included the download histories of VTech customers, names, email addresses, and passwords. But what is more concerning is that the customer profiles that were compromised also contain the profile information on their children, which includeed the names, genders, and birth dates as well as photos and chat logs between parent(s) and their children.
In the criminal world of cyber identity theft, children’s information is of a higher value on the black market. This is due to their clean credit history which can be used to apply for loans, open bank and credit card accounts, or apply for government benefits. Additionally concerning is that not only did the hacker make off with the personal information on these children, but also pictures of the children and private chats between parent and child.
On November 27, 2015 an initial press release from VTech Holdings Limited announced that an “unauthorized party” had accessed VTech customer data from their Learning Lodge app store database, stating the breach occurred on November 14, 2015. The statement went on to explain that upon learning of the security breach the company began a “thorough” investigation and had taken measures to defend it’s systems against further attacks.
In the first VTech statement there was no mention of how many customer’s information had been compromised, but it did point out that their customer database did not contain any credit card information, social security numbers, driver’s license numbers, or ID card numbers. The breach did contain customer names, encrypted passwords, secret question and answers, email addresses and IP addresses as well as snail mail addresses, profile photos, chats and download histories. The company assured consumers that there is an ongoing investigation and that VTech is looking into ways in which to strengthen their database security to better protect their customer’s personal information from attacks in the future.
VTech subsequently released two more press releases after learning more from the internal investigation they were conducting, the second statement was released on November 30, 2015 and the third was on December 3, 2015.
In the second press release VTech was forthcoming with the information millions of consumers had wanted to know – – how many customer’s information was breached and from what websites? The answer was much broader than even cyber security experts had anticipated. The second VTech press release stated:
Our Learning Lodge, Kid Connect and PlanetVTech customers are affected. In total 4,854,209 customers (parent) accounts and 6,368,509 related kid profiles worldwide are affected. Among those approximately 6.3 million kid profiles, approximately 1.2 million of them have Kid Connect app enabled. Kid profiles only include name, gender and birth date. There are 235,708 parent accounts and 227,705 kids’ profiles in PlanetVTech.
According to our current information, the breakdown of Learning Lodge customers by country is as follows:
Country |
Parent Accounts |
Child Profiles |
| United States | 2,212,863 | 2,894,091 |
| France | 868,650 | 1,173,497 |
| United Kingdom | 560,487 | 727,155 |
| Germany | 390,985 | 508,806 |
| Canada | 237,949 | 316,482 |
| Others | 168,394 | 223,943 |
| Spain | 115,155 | 138,847 |
| Belgium | 102,119 | 133,179 |
| Netherlands | 100,828 | 124,730 |
| Republic of Ireland | 40,244 | 55,102 |
| Latin America | 28,105 | 36,716 |
| Australia | 18,151 | 23,096 |
| Denmark | 4,504 | 5,547 |
| Luxembourg | 4,190 | 5,014 |
| New Zealand | 1,585 | 2,304 |
According to VTech these were the only sites that were affected, but in an abundance of caution the following sites have been suspended until the investigation is complete.
VTech’s Learning Lodge app store customer database was affected and VTech Kid Connect servers accessed. As a precautionary measure, we have suspended Learning Lodge, the Kid Connect network and the following websites temporarily whilst we conduct a thorough security assessment.
Suspended Websites:
- www.planetvtech.com
- www.lumibeauxreves.com
- www.planetvtech.fr
- www.vsmilelink.com
- www.planetvtech.de
- www.planetvtech.co.uk
- www.planetvtech.es
- www.proyectorvtech.es
- www.sleepybearlullabytime.com
- de.vsmilelink.com
- fr.vsmilelink.com
- uk.vsmilelink.com
- es.vsmilelink.com
The second and third VTech press release were virtually identical with the exception that VTech has set up a FAQs site on their web page and provided a link for each country that may have been affected by the breach to make inquiries to, which is included in this article under links for consumers affected (below). These links will also provide support for VTech customers to enable them to use their VTech products by means of alternative solutions until such time as the company is able to reopen the services they have temporarily had to suspend.
VTech has stated that they are “targeting to get some key functions of the Learning Lodge online on/before mid-January 2016.We will advise our customers of further action when the websites are ready to be reactivated.” Until then they are offering firmware/code update and services to their customers.
Additional Resources About This Breach:
http://motherboard.vice.com/read/hacked-toymaker-vtech-admits-breach-actually-hit-63-million-children
http://bits.blogs.nytimes.com/2015/12/15/man-arrested-in-vtech-breach-of-childrens-data/?_r=0
http://techcrunch.com/2015/11/30/toymaker-vtech-leaks-millions-of-parent-emails-and-child-photos-in-latest-massive-breach/#.cuhrv5h:wgcH