Electronic toy-maker VTech says the personal information of about five million customer accounts and related kids profiles, including details about children, have been compromised in a data breach.
VTech said Monday that an "unauthorized party" accessed VTech's Learning Lodge app store, which stores customers’ information including names, email addresses, encrypted passwords, IP addresses, mailing addresses, questions and answers for password retrieval and download history.
The database also stores information about children including names, genders and birthdates.
"In total about five million customer accounts and related kids profiles are affected," the company said in a statement, noting that consumers in 16 countries, including Canada, were affectedin the Nov. 14 breach.
The company said the database does not contain any credit card information.
The Learning Lodge website allows VTech customers to download apps, learning games, e-books and other educational content to their VTech products. The websites have since been suspended.
"We have reached out to every account holder in the database, via email, to alert them of this data breach and the potential exposure of their account data," the company said.
The Hong Kong-based company said it was alerted to the hack after receiving an email from a Canadian journalist on Nov. 23, asking about the hack.
VTech said it confirmed the breach on Nov. 24 and informed customers on Nov. 27.
Customers in Canada can email toys@VTechcanada.com for more information.
The VTech hack follows a widespread campaign against a Wi-Fi equipped Barbie that includes an embedded microphone which can record children's voices and transmits the conversation over the Internet to a server.
The Campaign for a Commercial-Free Childhood has raised concerns that the personal information could be shared and used for marketing purposes.
