Educational Toy Company VTech Hit by Data Breach

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George R. Lynch

Nov. 30 — VTech Holdings Ltd. Nov. 30 said it had closed down several websites affiliated with its recently breached electronic toys customer database.

Hackers gained access to customer data of VTech Holdings Limited Nov. 14, the electronic learning toys company announced Nov. 27.

The breach affected approximately 5 million customer accounts and children's profiles, according to VTech. The customer data is located in VTech's Learning Lodge application store, where customers download apps, e-books, and other content for VTech's products.

The company said the database doesn't contain credit card information because customers are routed to a third-party payment site when purchasing VTech products. The database also doesn't contain any personal identification data, such as ID card numbers, Social Security numbers or drivers' license numbers, according to VTech. It does contain general profile information of the customers, such as name, e-mail address, encrypted password, secret question and the answer, Internet protocol address, mailing address and download history, in addition to the name, gender and birthdates of children who use the company's products..

VTech launched an investigation upon discovering the breach, including “a comprehensive check of the affected site and implementation of measures to defend against any further attacks,” according to the company's statement.

To contact the reporter on this story: George R. Lynch in Washington at glynch@bna.com

To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com