Hong Kong-based toymaker VTech Holdings Inc. has sought help from a cyber forensics team to strengthen its security and investigate the hacking attack that recently exposed sensitive information belonging to more than 6 million children. The company announced on Thursday that it has tapped FireEye Inc.'s Mandiant Incident Response team.
The response team is currently reviewing how the toymaker handles customer information and advising on ways to boost its security protection. Reuters reports that Mandiant helps determine the magnitude of the attack, clean networks and repair destroyed systems. Mandiant has managed the response to some of the biggest cyber attacks, for example Target Corp.'s holiday attack in 2013 and the Sony Pictures Entertainment data breach in 2014.
As soon as it was alerted to the attack, the company allegedly shut down its Learning Lodge, its Kid Connect network and access to other sites to minimize the damage. With over 6 million children and almost 5 million adults affected, the gadget maker revealed that name, gender and date of birth are the only data obtained from children, while more specific details such as email addresses, passwords, mailing addresses and Internet Protocol addresses were breached from parents' accounts.
Stephen Wong, Privacy Commissioner of Hong Kong, said that an assessment is needed to determine whether the country has followed private data guidelines. Furthermore, given the number of clients affected, security experts expect the hack to prompt a government investigation.
However, Tod Beardsley, Rapid7 Inc.'s security research manager, said, "VTech is a toymaker and I don't expect them to be security superstars. They are amateurs in the field of security." Meanwhile, Seth Chromick, a threat analyst at vArmour, stated, "This breach is a parent's nightmare of epic proportions. A different approach to security for all organisations is needed."
Experts say that breached data such as credit cards is sold online for £1 each, while photos of children or minors are worth more on the deep web.