V-Tech Hack

Could your reputation be at risk from a cyber attack?

Brand trust is often a major reason behind purchasing decisions and probably never more so than when buying items for young children. So the news that VTech, an award winning electronic learning toys company, has been the victim of a cyber breach will cause concern to many.

VTech have recently revealed that hackers have compromised its “Learning Lodge” app store; a store that provides content for children’s tablets and also the mobile app service that allows parents to communicate with their child’s devices.

Many toys gather data on the user including VTech’s line of cameras, watches and tablets and their associated websites. Another example of this is the recently launched “Hello Barbie” from Mattel. This doll connects to wireless networks and communicates with servers to enable conversations by uploading audio, then gaining responses from the cloud. Many vulnerabilities were found in the apps and the servers involved in delivering this functionality.

Terrifyingly, the personal data of children is much more valuable than most adult profiles when placed for sale on the dark web. In 2011, Carnegie Mellon University released data that indicated that data stolen from children is over 50 times more likely to be used than data stolen from adults. This is because identity theft of a child may not be uncovered for many years, giving the fraudulent user the opportunity to cause much damage to the child’s credit rating, or even giving them a criminal record.

There are other, additional risks when we realise that information captured from children can include photos, videos and chat logs – once these are gained by hackers, there is no control over how these can be used or by whom.

On Monday, Vtech emailed affected customers and said their passwords had been "encrypted" but it was "possible the hacker may have decrypted" them. Rik Ferguson, from cybersecurity firm Trend Micro made the following comments:

"It is unforgivable, for a technology company making products for children. They had an enormous duty of care and they failed. If you used the same password on any other website, change it immediately - and let this be a lesson never to reuse passwords on more than one site.

Don't forget that the security password and question have been exposed too - so if you used those anywhere else, change them too."

Currently VTech’s response has been to temporarily shut down many of their websites and they’ve hired forensic experts. Regardless, share price has fallen 2.6% this week –showing that they are also a victim of the hackers’ efforts. Unfortunately, it appears that they could have done much more to stop them breaching their security than they actually did.

Would your organisation know what to do in the event of a cyber attack? RESILIA, the best practice cyber resilience training provides tailored guidance to take an organisation from assessing its business objectives through to implementing management systems, controls and making sure all staff are cyber aware. Learn more about our RESILIA training and how it can help protect your organisation here.