- More than 6 million kids' profiles accessed, mostly in U.S.
- Children's photos, audio files on servers are encrypted: VTech
VTech Holdings Ltd. fell to a three-year low after the Hong Kong-based company said hackers who infiltrated its online services gained access to the profiles of more than 6 million children.
Almost half of the 4.9 million parent accounts that were accessed belonged to users in the U.S., the maker of children’s electronic toys, smartwatches and computer tablets said in an online post. No credit card information was stolen, the company said. About 6.4 million children’s profiles were accessed, with almost half containing information -- names, gender and birth dates -- from kids in the U.S.
“Regretfully our database was not as secure as it should have been,” VTech said in the updated post. “We have appointed data security legal specialists who are in the process of liaising with local authorities.”
The attack on VTech highlights how increasingly online-savvy children are vulnerable to hackers. Names, e-mail addresses and other profile information could be used to target kids on social-media sites, said Bryce Boland, Asia chief technology officer for FireEye Inc.
Shares on Wednesday declined 1.8 percent to HK$85.50, widening the company’s fall to 23 percent for the year.
VTech is investigating a report by technology blog Motherboard that the hackers obtained children’s photos and chat records. VTech said images on its servers are encrypted, and it couldn’t confirm the veracity of the Motherboard report.
Details of the cyber-attack are emerging during the peak holiday shopping season. VTech sells children’s products such as a tablet computer, camera and gaming system.
“It’s not great that we’re three weeks to Christmas,” said Warren Lau, an analyst with Kim Eng Securities in Hong Kong. “There is a legitimate concern. The majority of VTech’s revenues are from the developed markets.”
Regulators in Europe and the U.S. have been sensitive to the risk that kids could be targeted online through their growing cache of online data. The Connecticut Attorney General’s office is aware of the VTech breach and is looking into it, Jaclyn Falkowski, a spokeswoman, said Tuesday.
A Hong Kong regulator -- the Office of the Privacy Commissioner for Personal Data -- said Tuesday it was in contact with VTech for a “compliance check.”
Chief Executive Officer Allan Wong and Chief Technology Officer Chu Chorn Yeong haven’t responded to e-mails seeking comment. VTech hasn’t disclosed how many users in its home base were affected. Wednesday’s post said hackers accessed about 224,000 children profiles in “other” countries.
The company said it found out about the breach on Nov. 24. After confirming the facts, it informed customers on Nov. 27, it said in the post.
Hackers accessed the accounts through VTech’s Learning Lodge database, where users download applications, learning games and e-books. The company, which gets about 90 percent of revenue from North America and Europe, suspended several websites and began an internal investigation.