According to officers from the South East Regional Organised Crime Unite (SEROCU), a 21-year-old man has been arrested on suspicion of being involved in the VTech cyber-attack.
This man was arrested on Tuesday morning in Bracknell on suspicion of unauthorized access to a computer to facilitate the commission on an offence and suspicion of causing a computer to perform functions to secure or enable unauthorized access to a program or data.
VTech has stated that a hacker gained access to the personal credentials of individuals who registered an account for VTech’s Learning Lodge, Kid Connect and their PlanetVTech services. The hacker was able to obtain 4.8 million parent accounts & 6.3 million kids’ profiles from Learning Lodge, as well as 1.2 million from the Kid Connect app. The hacker was also able to access 235,000 parent accounts and 227,000 kids’ accounts from the PlanetVTech databases.
Kids profiles include details like names, genders & dates of birth, while parent accounts include names, email addresses, security Q&A, IP addresses, passwords, mailing addresses and download history.
Shortly after the breach, the hacker spoke with Motherboard and explained he targeted the educational toy maker to bring light to the company’s inadequate security practices and raise awareness of the flaws in hopes the company would quickly fix them.
In a quote from the Craig Jones, Head of the Cyber Crime Unit at SEROCU, “We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offences and hold them to account. We are pursuing cyber criminals using the latest technology and working with businesses and academia to further develop specialist investigative capabilities to protect and reduce the risk to the public.”
With this breach in particular, affecting millions of children and parents alike, it's important for companies collecting sensitive data like dates or birth and addresses to approach IT security with a layered approach.
Data security is important for the health of your business and its reputation and as sophisticated attacks increase from both external sources such as Trojans, worms and modern malware, as well as internal threats from ‘Insiders’ knowing ‘how to operate within the rules’ to avoid detection, IT security is facing its most testing time.
By working with NNT you will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your environment against this new threat landscape.