VTech hired a company to help it with cyber security after a hacker gained access to the toy maker’s customer database — and private information about millions of adults and children.
The Hong Kong-based company announced Thursday that a team from FireEye is helping it with the fallout from the massive data breach, one of the largest documented consumer hacks.
VTech said in a news release that the United States-based company is helping it beef up its security after a November cyber attack in which a hacker accessed the manufacturer’s Learning Lodge portal, which allows customers to download a variety of content to VTech’s digital toys.
The company has said the data included information like email addresses and passwords but not credit card or social security numbers. The hacker who claimed responsibility for the attack has told Motherboard he also accessed pictures of children and logs of private chats between kids and their parents. Those were originally sent through a VTech service called Kid Connect, which allowed smartphone-using parents to exchange messages with children using VTech tablets.
The hacker has told Motherboard he has no plans to release the data.
VTech said about 4.8 million parents and 6.3 million children were affected by the hack. About 2.2 million parent accounts and 2.9 million child profiles are based in the United States, it said.
The company has suspended Learning Lodge and Kid Connect and several other websites in a precautionary measure, it said. VTech adds that it has reviewed the websites and taken steps to safeguard against future attacks, and hiring FireEye appears to be another one of those actions.
“We are deeply shocked by this orchestrated and sophisticated attack on our network. We regret that users of Learning Lodge, Kid Connect and PlanetVTech, some of whom are colleagues, friends and families, are also affected,” VTech Chairman and Group CEO Allan Wong said in a statement that accompanied the announcement. “We would like to offer our sincere apologies for any worry caused by this incident. We are taking all necessary steps to ensure that our users can continue to enjoy our products and services, safe in the knowledge that their data is secure.”
VTech said FireEye’s team will lead a forensic investigation into the attack and help review its customer data security protocols. The toy maker also it is “cooperating with law enforcement worldwide to investigate the incident,” but did not mention any specific agency’s involvement.
On Wednesday, two United States lawmakers wrote VTech and inquired about the kind of information it collects from children and how the toy manufacturer safeguards that data.
Specifically, Sen. Edward Markey (D.-Mass.) and Congressman Joe Barton (R.-Texas) want to know how VTech complies with the Children’s Online Privacy Protection Act, which governs the data websites can collect from children less than 13 years old.
PC Magazine reported the VTech hack was the fourth largest breach of consumer data.