(Bloomberg) -- Hackers who infiltrated VTech Holdings Ltd.’s online services last month gained access to the profiles of more than 6 million children worldwide, the Hong Kong-based company said Wednesday.

Almost half of the 4.9 million parent accounts that were accessed belonged to users in the U.S., the maker of children’s electronic toys and computer tablets said in an online post. No credit card information was stolen, the company said. About 6.4 million children’s profiles were accessed, with almost half containing information -- names, gender and birthdates -- from kids in the U.S.

“Regretfully our database was not as secure as it should have been,” VTech said in the updated post. “We have appointed data security legal specialists who are in the process of liaising with local authorities.”

The attack on VTech highlights how increasingly online- savvy children are vulnerable to hackers. Names, e-mail addresses and other profile information could be used to target kids on social-media sites, said Bryce Boland, Asia chief technology officer for FireEye Inc.

Encrypted Photos

VTech is investigating a report by technology blog Motherboard that the hackers obtained children’s photos and chat records. VTech said images on its servers are encrypted, and it couldn’t confirm the veracity of the Motherboard report.

Shares in the company declined 1.2 percent as of 11:45 a.m. in Hong Kong. On Tuesday, a Hong Kong regulator -- the Office of the Privacy Commissioner for Personal Data -- said it was in contact with VTech for a “compliance check.”

Chief Executive Officer Allan Wong and Chief Technology Officer Chu Chorn Yeong haven’t responded to e-mails seeking comment.

VTech hasn’t disclosed how many users in Hong Kong were affected. Wednesday’s post said hackers accessed about 224,000 children profiles in “other” countries.

VTech said it found out about the breach on Nov. 24. After confirming the facts, it informed customers on Nov. 27, it said in the post.

Hackers accessed the accounts through VTech’s Learning Lodge database, where users download applications, learning games and e-books. The company, which gets about 90 percent of revenue from North America and Europe, suspended several websites and began an internal investigation. Regulators in Europe and the U.S. have been sensitive to the risk that kids could be targeted online through their growing cache of online data. The Connecticut Attorney General’s office is aware of the VTech breach and is looking into it, Jaclyn Falkowski, a spokeswoman, said Tuesday.

--With assistance from Chris Dolmetsch.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access