Security Experts:

Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

Suspect Arrested in UK Over VTech Hack

Police in the United Kingdom announced on Tuesday that a 21-year-old man has been arrested on suspicion of being involved in the recent hacker attack aimed at Chinese educational toymaker VTech.

Police in the United Kingdom announced on Tuesday that a 21-year-old man has been arrested on suspicion of being involved in the recent hacker attack aimed at Chinese educational toymaker VTech.

According to the South East Regional Organised Crime Unit (SEROCU), the unnamed suspect is from Bracknell, a town in Berkshire, England. He has been identified as part of an investigation conducted by SEROCU’s Cyber Crime Unit in collaboration with partner agencies.

The man was arrested on Tuesday morning on suspicion of unauthorized access to a computer to facilitate the commission of an offence, and causing a computer to perform function to secure or enable unauthorized access to a program or data. These offences are covered in section 2, respectively section 1, of the UK’s Computer Misuse Act of 1990.

“We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offences and hold them to account,” said Craig Jones, Head of the Cyber Crime Unit at SEROCU. “We are pursuing cyber criminals using the latest technology and working with businesses and academia to further develop specialist investigative capabilities to protect and reduce the risk to the public.”

According to VTech, the hacker gained access to the personal details of users who registered an account for the company’s Learning Lodge, Kid Connect and PlanetVTech services. From Learning Lodge, the attacker obtained the details of more than 4.8 million customer (parent) accounts and over 6.3 million kids profiles, including 1.2 million who used the Kid Connect app. From the PlanetVTech databases, the hacker accessed 235,000 parent accounts and 227,000 kids profiles.

Kids profiles include names, genders and dates of birth, while parent accounts include names, email addresses, secret questions and answers, IP addresses, passwords, mailing addresses and download history. Information provided for the Kid Connect service includes email addresses, passwords and profile photos.

The hacker also provided proof that he obtained audio files, chats and kids’ profile photos, but VTech still hasn’t been able to confirm this. The affected services have been taken offline and VTech has hired FireEye-owned Mandiant to assist in the investigation and review the company’s data protection procedures.

Most of the affected users are from the United States (2.2 million), followed by France (868,000), the UK (560,000), Germany (390,000) and Canada (237,000).

Shortly after the breach came to light, the hacker told Vice’s Motherboard that he targeted VTech to expose the company’s inadequate security practices and raise awareness of the flaws in an effort to get them fixed. He claimed he never intended to sell the stolen data for profit.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe


Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...