The theft of toy maker VTech Holdings Ltd’s database highlights a growing problem with basic cyber security measures at small, non-financial companies that handle electronic customer data, industry watchers said on Monday.
The hacked data at VTech included information about customers who download children’s games, books and other educational content, the Hong Kong-based toy maker said. The breach also included information relating to children.
As more devices are connected to the Internet and as companies increasingly collect personal information about their customers, such attacks are expected to increase.
In VTech’s case, information that should have been obscured and unrecoverable if the database were breached – such as passwords and secret answers – either wasn’t obscured at all or was done so improperly, said Larry Salibra, founder and chief executive of crowd-sourced bug-testing platform, Pay4Bugs.
Salibra said these types of security measures were basic best practices that don’t require a lot of money. “This seems to be a trend. Hardware manufacturers really don’t value software skills – I would imagine because they don’t see any immediate positive impact to their bottom line,” Salibra said.
VTech said in a statement that about 5 million customer accounts and related children’s’ profiles worldwide were affected. It did not break out how many profiles belonged to parents and how many to children. News site Motherboard reported that data belonging to some 4.8 million parents and more than 200,000 children was taken.