For several years, the toy market has been experiencing a renaissance. Many created toys are require to the internet connection. It brings a risk of cyber attacks and data leakage. VTech Electronics, manufacturer of intelligent devices for children, was experienced a data breach.
Federal Trade Commission (FTC) imposed a fine of $ 650,000 on the company after the company in 2015 fell victim to a cyber attack. Data of parents and they children, using its products, leaked to the network.
Consequences of cyberattack
VTech Electronics fell victim to a hacking attack, the consequence of which was leakage of personal data of children and their parents. This huge security breach affected nearly 5 million parents and over 6 million children around the world.
As a result, information such as name and surname, home addresses, e-mail addresses, dates of birth, encrypted passwords, chat logs, download histories have been violated. Hackers could also download about 190 GB of photos from the VTech's Kid Connect app.
The causes of data breach
The reason for this serious security breach was the lack of sufficient security that would protect the collected data at the application level. VTech Electronics also did not have an appropriate system to detect and prevent any security incidents. FTC has imposed from VTech a penalty of $ 650,000. Furthermore, the company must implement a comprehensive data protection program that will be subject to independent audits for 20 years.
Could the attack be blocked?
VTech Electronics could have avoided a cyber attack that was targeted at specific vulnerabilities in the application. If the company had had Web Application Firewall the attack would be blocked and there would not have happened data leakage.
WAF is a system created on the basis of static rules and reputation mechanisms that effectively protects websites. It prevents theft of confidential data, and malicious robots prevent theft of content.