VTech Holdings Limited noted that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on 14 November 2015. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.
Upon discovering the unauthorized access on 24 November 2015, we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.
Our customer database contains user profile information including name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history. In addition the database also stores kids information including name, genders and birthdates. In total about 5 million customer accounts and related kids profiles worldwide are affected.
It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.
In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).
We have reached out to every account holder in the database, via email, to alert them of this data breach and the potential exposure of their account data. The following email enquiry contacts have also been set up:
- US: vtechkids@vtechkids.com
- Canada: toys@vtechcanada.com
- France: explora_park@vtech3.websitedevsystem.com
- Germany: downloadmanager@vtech.de
- Netherlands: exp@vtech3.websitedevsystem.com
- Spain: informacion@vtech3.websitedevsystem.com
- UK: consumer_services@vtech3.websitedevsystem.com
- Australia and New Zealand: enquiriestoys_aunz@vtech3.websitedevsystem.com
- Hong Kong: corporate_mail@vtech3.websitedevsystem.com
- Other countries and regions: corporate_mail@vtech3.websitedevsystem.com
Furthermore, as an additional precautionary measure, we have suspended Learning Lodge and the following websites temporarily for thorough security assessment and fortification.
- www.planetvtech.com
- www.lumibeauxreves.com
- www.planetvtech.fr
- www.vsmilelink.com
- www.planetvtech.de
- www.planetvtech.co.uk
- www.planetvtech.es
- www.proyectorvtech.es
- www.sleepybearlullabytime.com
- de.vsmilelink.com
- fr.vsmilelink.com
- uk.vsmilelink.com
- es.vsmilelink.com
We are committed to protecting our customer information and their privacy, to ensure against any such incidents in the future. Our Privacy Statement can be found on our website here. The investigation continues as we look at additional ways to strengthen the security of all on-line services provided by VTech. We will provide further updates as appropriate in the future.
Further details are provided in the FAQ section.