The latest
breach involves about 5 million customer/parent information and over 6 million kids
profiles (names, emails, addresses, passwords, selfies/pictures, chat log, etc.
but no SSN or card data) of Vtech toy company, a Hong Kong based manufacturer. It said to have occurred on November 14 and
identified 10 days later when an email was received from a journalist.
Mandiant has been retained to provide
forensics investigation and shore up security gaps. VTech’s security posture has surfaced as
questionable in terms of risk-based security implementation, and the likes of
other gaming misfortune such as Sony PlayStation and Mattel’s Barbie. While company will undergo close local
government scrutiny and the Hong Kong Privacy Commissioner looking into data
privacy compliance, the FTC has no jurisdiction for non-U.S. companies. Certainly not good news for the holiday
season gift shopping…with over 15 countries affected by this incident.
Interesting read, troyhunt.com for sequence of verification events/analysis
No comments:
Post a Comment