Though the breach took place on November 14, the company only learned of the intrusion 10 days later. Details were scarce at the time, but earlier this month the company revealed that close to 5 million customer accounts and more than 6 million child profiles were affected by the intrusion. Accounts and profiles around the world were affected, including customers in Europe, North America, and Asia.
Now the first arrest in relation to the breach has been made, as U.K. authorities have arrested a 21-year-old man in Berkshire. The man, whose identity has not been revealed, is being held on suspicion of “unauthorized access” to a computer, according to the South East Regional Organised Crime Unit (SEROCU).
“We are still at the early stages of the investigation and there is still much work to be done,” SEROCU cybercrime head Craig Jones said. “Cybercrime is an issue which has no boundaries and affects people on a local, regional, and global level”
Some data obtained in the breach is believed to have been posted online, albeit briefly, the BBC reports. Some of the information confirmed to reside in the database includes names, passwords, IP addresses, and information about children, including names, ages, and genders. No credit card data was stored in the database that was breached.
For the time being, VTech has temporarily shut down its Kid Connect app, which allowed the attacker to gain access to photos. The company has also advised customers to change their login credentials, including their password retrieval information.
SEROCU says that the investigation is still in the early stages, so it’s possible if not likely that we’ll see more arrests related to the attack.
