Children’s Tech Toys Present Growing Hacking Risk

January 11, 2016

The recent hack of digital toymaker VTech has revealed serious risks associated with this new generation of internet connected toys.

The breach exposed the personal data of millions of children and their parents from the U.S., Canada and Europe. While the breach didn’t expose credit card or financial information, it did expose children’s personal information and parents’ address information, creating a strong concern that criminals could piece together enough data to expose a child’s full identity. This information could potentially set children up for identity theft which could go undetected for years as parents generally don’t check their children’s credit reports.

What’s worse, the information could be used for kidnapping or “virtual kidnapping” – a scam where criminals use exposed information to convince parents that their child has been kidnapped, demanding a ransom for their return.

As a result of the breach, VTech customers are advised to change their passwords on any other sites or services that utilized the same login information as their VTech account.

While it’s not clear what the motive was for the VTech breach, or whether it has resulted in any identity theft so far (it appears the hacker decided not to profit by selling the data online), it highlights the growing threat of data breaches as the internet of things continues to expand.

The following advice can help you protect your child’s data from a future toy hack:

  • Opt out of entering personal information. While some services require personal information during the setup process, when it comes to children’s toys, entering this type of information is often optional. If that’s the case, it’s recommended to refuse personal information all together. If information is required, consider using a false name and registering a separate email address for the account.
  • Use a P.O. Box for your billing and delivery addresses. When purchasing additional features or add-on products for a toy by credit card, you’re required to enter your billing information, including your address. Where children are concerned, the home address is the single most dangerous bit of personal information. Instead of using your home address, use a P.O. Box so you don’t have to worry about hackers having access to your child’s address.
  • Set up a Wi-Fi “guest network” in your home.  If your Wi-Fi router allows you to create a “guest network”, use this secondary network for internet connected toys to safeguard any other internet connected devices on your network in the event that it’s hacked.

VTech customers with concerns regarding impacts of the data breach can find more information here.

For additional advice to protect yourself and your children online, visit our CyberSafe Knowledge Center.