When you think about data breaches, you likely do not imagine that the victims of these crimes are children, but in the case of the VTech security breach that took place in 2015, about 6.4 million children were put in danger of fraud and identity theft. VTech is a toymaker based in Hong Kong that produces tablets, computers, and other digital toys all geared toward children. Many of the users of these products are enrolled in the Learning Lodge database, which allows access to downloadable content. It is through this database that one hacker was able to acquire the names, email addresses, passwords, download histories, and home addresses of 12 million individuals, about half of which were children.
A unique vulnerability
While no credit card information was taken, there was heavy controversy over this attack, because so many of the victims of the data breach were kids. Children’s identities are valuable for hackers, because it is easy to qualify for credit cards, government benefits, and more with the clean credit history that a child has. Additionally, there was more than just fraud-worthy personal info at stake with the breach. Hackers gained access to accounts that included photos and chat logs as well as the birthdays and genders of more than 6.4 million children.
A quick arrest
Many large scale hacks will go unresolved, but the VTech data breach was quickly followed with an arrest. In December, 2015—just one month after the breach was announced—a 21-year old man was arrested in England in connection with the incident. He had used a fairly simple and primitive hacking technique called SQL injection, which allowed him to command that the database dump its contents. Upon his arrest, he claimed that he had no intention of selling the data for a profit, but he simply wanted to expose weaknesses in the company’s online security.