|
 The Hong Kong-based firm said the attack on databases for its
Learning Lodge app store and Kid Connect messaging system affected
even more kids than the 4.9 million adults that the company
disclosed on Friday.
Security experts said they expected the size of the breach would
prompt governments to scrutinize VTech and other toymakers to review
their security.
"The disclosure of the scope of the breach is troubling," said
Jaclyn Falkowski, a spokeswoman for Connecticut's attorney general.
Connecticut and Illinois said on Monday they plan to investigate the
breach. Regulators in Hong Kong are also looking into the matter.
"This breach is a parent's nightmare of epic proportions," said Seth
Chromick, a threat analyst with network security firm vArmour. "A
different approach to security for all organizations is needed."
Chris Wysopal, co-founder of cyber security firm Veracode, said it
could be a wake up call for families in the same way that the hack
on infidelity website Ashley Madison earlier this year made adults
realize online data might not be safe.
VTech said in a statement that children's profiles included name,
gender and birth date. Stolen adult data included name, mailing
address, email address, password retrieval questions, IP address and
passwords. (http://(bit.ly/1LM1RMQ)
The most VTech customers affected were in the United States,
followed by France, the United Kingdom, Germany, Canada, Spain,
Belgium and the Netherlands.
Shai Samet, a security expert who audits toymakers for compliance
with the U.S. government's Children's Online Privacy Protection Act,
said he believed the case would lead many toy companies to "rethink"
security protections on children's data.
[to top of second column] |
Technology news site Motherboard, which broke news of the breach
last week, reported that the person who claimed responsibility for
the hack said "nothing" would be done with the stolen information.
(http://bit.ly/1Ifc5ut)
Security experts were skeptical, noting that the stolen data could
be worth millions of dollars.
"I wouldn't trust him," said Troy Hunt, a security expert who
reviewed samples of stolen data and information about the attack for
Motherboard.
Justin Harvey, chief security officer with Fidelis Cybersecurity,
said stolen records sell for $1 to $4 in underground markets.
(This story adds comment from Connecticut attorney general's
representative)
(Reporting by Jim Finkle; Editing by Bernard Orr and Richard Chang)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
