Data breach at Hong Kong toy maker VTech highlights broader problems
[November 30, 2015]
By Clare Baldwin and Donny Kwok
HONG KONG (Reuters) - The theft of toy
maker VTech Holdings Ltd's database highlights a growing problem with
basic cyber security measures at small, non-financial companies that
handle electronic customer data, industry watchers said on Monday.
The hacked data at VTech included information about customers who
download children's games, books and other educational content, the
Hong Kong-based toy maker said. The breach also included information
relating to children.
As more devices are connected to the Internet and as companies
increasingly collect personal information about their customers,
such attacks are expected to increase.
"Smaller companies might be targeted less often, but the
implications ... can be just as serious," said Bryce Boland, Asia
Pacific chief technology officer of cyber security firm FireEye. "As
larger companies implement stronger security measures, smaller
companies become relatively easy targets for cyber crime."
VTech has a market value of HK$21.9 billion ($2.8 billion). Tech
giant Apple Inc has a market capitalization of $657 billion.
In VTech's case, information that should have been obscured and
unrecoverable if the database were breached - such as passwords and
secret answers - either wasn't obscured at all or was obscured
improperly, said Larry Salibra, founder and chief executive of
crowd-sourced bug-testing platform Pay4Bugs.
Salibra said these types of security measures were basic best
practices that don't require a lot of money. "This seems to be a
trend. Hardware manufacturers really don't value software skills - I
would imagine because they don't see any immediate positive impact
to their bottom line," Salibra said.
"Software talent is an easy place to be cheap with minimal
consequences until something like this happens."
VTech said in a statement that about 5 million customer accounts and
related children's profiles worldwide were affected. It did not
break out how many profiles belonged to parents and how many to
children. News site Motherboard reported that data belonging to some
4.8 million parents and more than 200,000 children was taken.
The site said it had spoken to a hacker who claimed to be behind the
attack, who said he planned to do "nothing" with the data.
Motherboard's report could not be independently confirmed.
VTech said the breached database included names, email addresses,
passwords, secret questions and answers for password retrieval, IP
addresses, mailing addresses, download histories and children's
names, genders and birth dates.
The company, which sells children's tablets, electronic learning
toys and baby monitors, said the targeted database did not include
credit card information, ID card numbers, Social Security numbers or
driver's licence numbers.
VTech said it has taken steps to prevent further attacks but did not
provide details. It said it has emailed every account holder.
VTech's stock has fallen 22 percent this year. Shares and trade in
other VTech securities were suspended on Monday morning.
(Reporting by Clare Baldwin and Donny Kwok; Additional reporting by
Yimou Lee and Stella Tsang; Editing by Anne Marie Roantree and Bill
Tarrant)
[© 2015 Thomson Reuters. All rights reserved.] This material may not be published,
broadcast, rewritten or redistributed.