Ranking as one of the largest data breaches of the year and one of the first to target children, VTech has confirmed (via an FAQ about their data breach(3)) that on November 14, an unauthorized party accessed data on their Learning Lodge app store customer database and Kid Connect servers. In total over 4.8 million customer (parent) and 6.3 million child profiles have been compromised. The database stores information such as names, email addresses, passwords, password reset questions and answers, IP addresses, mailing addresses, child profiles (names, age, genders, and birthdates) and the download history for an account(2). Credit card information was not stored on the compromised servers so credit card details were not included in the attack.
The hack calls into question VTech’s security practices, which security researcher Troy Hunt(1) revealed that VTech demonstrated a “total lack of care” in securing customer data. This will be a call for many major international organizations to rethink their current information security safeguards as CyberSecurity attacks have become more and more prevalent. Large businesses like Sony, Home Depot, Target, Ashley Madison, and even the IRS have succumbed to information breaches in 2015 alone.
For better or for worse, “these types of breach notifications may become even more frequent in Canada depending on when Mandatory Breach Notification Bill S-4 will be enforced” says Eugene Ng, CIO of NCI. Ultimately, consumers can never be too careful when giving out personal information to any company, it is something everyone should be weary of. As such, companies should take all possible measures to secure their information and NCI can help solidify your CyberSecurity posture with assessments such as our Maturity and Threat Analysis™.