There were a record number of data breaches in 2014, according to the Identity Theft Resource Center, reaching an all-time high of 783 in that one calendar year alone. Previous years’ results were hardly any better, with corporate, retail, and medical data breaches occurring at an alarming rate. But a recent data breach, announced this week, may be one of the scariest yet, simply for the information it garnered for cybercriminals.



Toy and educational tool developer VTech announced it was the latest victim of a large-scale data breach, with around 5 million of its customers’ account information stolen by hackers. The stolen information included names, home addresses, email addresses, and account passwords for the adult consumers who purchased these toys, but not credit card information or Social Security numbers.

As data breaches go, this one might not sound all that bad. No payment information was stolen, and no highly-sensitive identifying information was accessed. So why are security experts and parenting advocates up in arms?

Because VTech’s Learning Lodge app was also accessed, and the account information for hundreds of thousands of children were stolen. Not only do criminals now have parents’ physical addresses, they have the ages, genders, and photos–190GB, at last count–of their children, which is any child advocate’s nightmare.

Fortunately, the more common fallout from this type of scenario is an increase in spam advertising. Hackers steal data like email addresses and demographic information and sell it to advertisers. At the busy holiday shopping season, advertisers that promote products for kids would love nothing more than the contact information for millions of households that buy children’s toys.

Unfortunately, apart from the horrifying possibility that pedophiles intend to buy up and use this data, there is also still a likelihood of identity theft, even without the parents’ or children’s Social Security numbers. Child identity theft is such a problem that one study discovered that ten percent of the children sampled had active credit files on their Social Security numbers, and that of those kids, 76% of the activity was fraudulent.