UK authorities have arrested a 21-year-old man in London in the VTech hack, which exposed the data of 6.4 million children last month.
The man is being held on suspicion of breaching the Computer Misuse Act of 1990, a regional cybercrime unit said in a statement Tuesday.
The attack hit Hong Kong-based VTech, which specializes in digital toys and educational tools for children, including tablets and apps. The company's Learning Lodge app store database was breached in the cyberattack, resulting in the exposure of almost 6.4 million children's profiles. Another 5 million parents' accounts, as well as 236,000 parent and 228,000 children PlanetVTech accounts, were compromised. The hack is one of scores of such attacks over the past year, but the fact that children's data was exposed gives this attack a unique twist.
Parent accounts included names, email addresses, secret questions and answers for passwords, IP addresses, mailing addresses and download histories.
VTech said the child profiles contained only names, genders and birthdates, but that is more than enough to raise the hackles of both parents and regulators. It is not known whether photos, video chats and other content related to children's accounts were also taken.
The majority of affected accounts belonged to parents and children in the US, France, UK and Germany. Law enforcement and regulators in Hong Kong, the UK and US are investigating the breach.
This story originally posted as "British man arrested over VTech child data hack" on ZDNet.