vtech breachIf you’re the parent or relative of a young child, chances are you might find a smartwatch or tablet designed specifically for kids on their holiday wish list this year. Tech toys are a hot commodity popular with parents and children alike, but the unveiling of a data breach at popular tech toy company VTech this week might have some parents looking for other options. The Hong Kong-based company disclosed a breach of one of its customer databases in late November, confirming on Monday, Nov. 30 that approximately 4.8 million adult customers were exposed. The scariest part about this breach? It isn’t just parents’ information that was compromised — more than 6.3 million children are also victims, making it the largest known hacking attack targeting children.

When and how was the breach discovered?

According to a press release published by VTech, the company was alerted to the data breach by a journalist on Nov. 23 and confirmed that unusual activity had occurred on Nov. 24. The good news is that this intrusion, unlike many we’ve written about in the past, was caught early — it began on Nov. 14 and was put to an end after just 10 days. Unfortunately, that was still plenty of time for customer data to be accessed. VTech responded to the breach by suspending the Learning Lodge website (as well as several other related websites) and launching an investigation. It will also be notifying all affected customers by email.

What customer information was exposed?

The specific database accessed was stored on VTech’s Learning Lodge, an app store where customers can download apps, games, e-books and other content for their VTech products. In the case of the more than 6.3 million child profiles exposed in this breach, only names, birth dates and genders were exposed. Adult accounts contained more information, and those with parent accounts saw their names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories exposed. Customers in the U.S. as well as 14 other countries were affected. Vice’s Motherboard reported that children’s photos, chat history and audio files were also leaked, but VTech did not confirm this and said all of those files were encrypted by AES128.

Fortunately, VTech has assured customers that the database accessed did not contain any credit card information or highly sensitive personal details like social security numbers.

What does this breach mean for parents?

Internet-connected devices are becoming more and more popular among parents and their young children, but even though these toys usually block a large amount of Internet access for their users, parents should be aware that they can still be targeted by hackers. It’s important to think critically about what kind of information you provide about your child (as well as yourself) to anything with online access before doing so. Child identity theft has been steadily on the rise, and it’s something that will probably become even more of a problem in 2016, so parents should educate themselves on potential vulnerabilities and how to protect their kids.

If you want to be proactive when it comes to protecting your children, you may want to consider signing your family up for an identity theft protection service. Learn which service is the best for families with children by reading this blog post, and stay up to date on the latest news and tips on identity theft by following our blog.