
Over the Thanksgiving holiday, the children’s electronic toy maker VTech confirmed a data breach that affects nearly 5 million parents and 200,000 children around the world.
The latest reports indicate that this data breach includes names and addresses of parents, names and ages of children, as well as videos, pictures, audio files, and chat logs. Independent analysis of the stolen data shows that it’s possible for all of the stolen information to be knit together, so attackers can potentially associate pictures, videos, audio files, and chat logs with specific children, their parents and home addresses.
In a worst case scenario, this means that the stolen data could be used to build profiles of children that include their name, age, parent’s name, home address, and from chat logs, information that only a trusted adult would know, such as a child’s favorite toy and the name of their siblings.
Right now, there is no indication that the worst case has happened – the attacker behind this data breach claims they are holding the data securely and won’t sell it. In addition, there’s no sign of this data on criminal undergrounds that we monitor. But that could always change.
What Parents Should Do
If you’re the parent of a child that’s used VTech devices, be aware of this situation and watch for more information from VTech on their website. Thus far, VTech hasn’t provided a great deal of information but this could change as more details emerge. Additionally, be vigilant for phishing attempts against yourselves and your children. Products like Trend Micro™ Security have built in anti-phishing capabilities that can help safeguard your systems and devices against such attacks.
Even if your children haven’t used VTech devices, you should take time now and reexamine what information you provide about yourself and your children online. Even if your child isn’t online themselves, as a parent you are likely already building up their digital footprint, and this incident shows what can happen when that data is stolen.
When posting information about your children, all parents should ask themselves, “What’s the worst that could happen if this is made public?” If you answer isn’t a good one, don’t post it. In particular, don’t post pictures and videos that are tied to your child’s identity, provide information about your child’s physical location, or information that could make a stranger seem like a trusted adult.
This is advice not just for parents but for everyone that is responsible for the safety and well-being of children. Grandparents, aunts, uncles, family friends – everyone is responsible for ensuring the online safety of the children they care for by being mindful of the digital footprint they’re building for them.
With kids growing up in this interconnected world, it is imperative parents and guardians educate their children on potential online dangers, as well as prevent and protect their personal identifiable information from harm. For more family safety tips, click here.
Since 2008, Trend Micro’s Internet Safety for Kids & Families has been enabling and empowering kids, parents, teachers, and schools around the world to make the Internet a safe and secure place for today’s youth. You can access a wealth of information on our site.
As always, we will watch this situation and provide any updates as more information comes out.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.