VTech incident gives HK-based companies a big jolt

The data breach at Hong Kong toy maker VTech, which leaked information of 6.4 million children located in more than 14 countries worldwide, is a wake-up call for locally-based companies to take a hard look at their security infrastructure to assess potential risks.

“The VTech incident should be an alarm for users to aware that some of the devices connected to the Internet do not have sufficient protection and can be easily hacked,” said Daryl Cheng, senior vice president, management information systems, MassMutual Asia.

“From this incident, we can see a trend that hackers targeting users who are not aware about cybersecurity such as children,” he added, pointing out that IT organizations should immediately review their endpoints, network and Internet security infrastructure as well as the security policy to address the threat concerns. 

Cheng also stressed the need for a security awareness program to ensure employees are aware of such kind of risks.

At Jardine Restaurant Group, the VTech incident strengthens its commitment to conducting regular IT security checks.

“We will keep performing security check to review and upgrade our security level on a regular basis,” said Ravel Lai, the company’s group IT director.

While he said Jardine Restaurant Group doesn’t store sensitive customer data such as credit card information and age, the group nonetheless has taken steps to secure customer data within its organization.

“We have already performed PCI DSS certification every year in order to ensure the customer data security,” he said.

The cyberattack at VTech occurred on November 14 when an unauthorized party accessed its Learning Lodge app store customer database and Kid Connect servers. Learning Lodge allows customers to download apps, learning games, e-books and other educational content to their VTech products. Kid Connect allows parents using a smartphone app to chat with their kids using a VTech tablet.