Tech

British man arrested over VTech child data hack

A 21-year-old is suspected of being linked to the hack, which resulted in the theft of data related to over six million children.

Written by Charlie Osborne, Contributing Writer Dec. 15, 2015 at 4:36 a.m. PT

A man has been arrested in the United Kingdom who is believed to be linked to the VTech hack, which exposed the data of 6.4 million children.

In a statement on Tuesday, the South East Regional Organised Crime Unit (SEROCU) said they have arrested a man as part of an investigation into computer hacking offences. SEROCU arrested a 21-year-old in Bracknell, Berkshire, London, who is being held on suspicion of breaching the Computer Misuse Act,1990. Items were also seized by the agency's forensics unit for examination.

No further details were provided.

A cyberattack against toy maker vTech Holding's servers took place in mid-November. Hong Kong-based VTech is a toymaker which specialises in digital toys and educational tools for children, including tablets and apps.

The company's Learning Lodge app store database was breached in the cyberattack, resulting in the exposure of almost 6.4 million kid profiles.

Security

Approximately 5 million parent accounts, as well as 236,000 parent and 228,000 children PlanetVTech accounts were also compromised.

Parent accounts included names, email addresses, secret questions and answers for passwords, IP addresses, mailing addresses and download histories.

VTech said child profiles contained only names, genders and birthdates, but this is still more than enough to raise the hackles of both parents at large and regulators. It is not known whether photos, video chats and other content related to kid's accounts were also taken.

The majority of affected accounts belonged to parents and children in the United States, France, UK and Germany.

The attack caused the largest data breach to date which involved information belonging to children.

Craig Jones, Head of the Cyber Crime Unit at SEROCU, said:

"Cyber criminality is affecting more and more business around the world and we continue to work with our partners to thoroughly investigate, often very complex cases.
We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offences and hold them to account."

Law enforcement and regulators in Hong Kong, the UK and US are all investigating the breach.