British police arrest 21-year-old man in VTech hacking

AP News
|
Posted: Dec 15, 2015 2:41 PM
British police arrest 21-year-old man in VTech hacking

NEW YORK (AP) — Police in the UK say they've made an arrest in the hacking of kids' technology maker VTech, which compromised the personal information of more than 6 million children around the world.

The South East Regional Organised Crime Unit, a regional task force made up of a handful of English police departments, says its cybercrime unit arrested a 21-year-old man was on hacking-related charges Tuesday morning in Bracknell, a town about 30 miles west of London.

Police seized a number of electronic items that will be examined by a cybercrime forensics unit.

Craig Jones, who heads the cybercrime unit, says in a statement that the investigation remains in its early stages and much work still needs to be done. Few other details were provided.

VTech officials didn't immediately return emails seeking comment.

The November hacking of Hong Kong-based VTech Holdings Ltd.'s Learning Lodge database compromised the profiles of 6.4 million kids around the world, along with the 4.9 million parent accounts that they were connected to.

News of the breach came just as the holiday shopping season was shifting into high gear. Kid-friendly tablets, smartwatches and other connected toys made by companies such as VTech are often high on the holiday wish lists of many children.

The company also has drawn fire in the weeks since the breach from some members of Congress who have demanded to know the details of how VTech collects and secures the personal information of children.

The information contained in the parental accounts included names, email addresses, secret questions and answers for password retrieval, numeric Internet Protocol addresses, mailing addresses, download histories and encrypted passwords.

Information in the children's accounts was restricted to names, ages and genders, the company says. But security experts warn that the stolen information could potentially be used to build profiles of children, potentially setting them up for identity theft or worse down the road.

The breach didn't expose any credit-card or other financial account information, as payments are handled by an outside company on a separate website, VTech says.

Some reports suggested that photos of children and chats between kids and their parents might also have been accessed, but VTech has yet to confirm that.

___

Follow Bree Fowler at http://twitter.com/APBreeFowler. Her work can be found at http://bigstory.ap.org/author/bree-fowler.