One of the world's most popular children's electronic gadget companies announced this week that it has been the victim of a data breach that affected more than five million user accounts.
Information that was believed to have been compromised included names, addresses, email addresses, and account passwords for the adults who established the user accounts, as well as names, genders, and birth dates for their children.
VTech, who sells a wide variety of learning and digital toys to a broad spectrum of age and educational ranges, immediately pointed out in their notification of the breach that no credit card numbers or Social Security numbers were compromised. They’re certain of this because the database that was compromised didn’t contain any payment methods, and the company had no need of anyone’s Social Security numbers.
So if hackers weren't after payment details or identity theft, what were they doing? There are a number of possibilities, but it would be naïve to assume that this isn’t related to plans for child identity theft. That particular form of identity theft is growing at an alarming rate, with as many as 10% of children’s Social Security numbers already being attached to an active credit file; of those with active credit reports, 76% of them were found to contain fraudulent activity.
Fortunately, children ages ten and under fall within VTech’s target audience range, and they have the lowest numbers of identity theft among children ages eighteen and under. But since Social Security numbers weren’t even collected in this database, there is another likely possibility for what hackers were after. There is very real money to be made in selling blocks of names, email addresses, and mailing addresses, so it's quite possible the hackers were looking for data they could then turn around and sell to advertisers. Since VTech's products are aimed at a specific demographic (children who are tech users), the ability to use data on their customers to market other products aimed at the children’s market, especially during the holiday shopping season, can result in a big payoff.
There is one more upsetting concern that parents need to keep in mind, though, and that's phishing emails. With the increase in threatening spam emails—actual spoof emails that claim your life is in danger, or your son has been kidnapped, or your sister went on vacation out of the country and is being held for ransom—parents need to be careful about not falling for messages that contain highly-detailed threats against their families. With the information garnered from VTech’s database, parents can easily be targeted with bogus emails that threaten their children by name. If any parent ever receives a malicious email with detailed information about anyone in their family, it warrants a call to law enforcement.