UK law enforcement has announced the arrest of an individual as part of its ongoing investigation into the hack against VTech, a provider of electronic learning products. On Tuesday, officers from the South East Regional Organized Crime Unit (SEROCU) published a statement in which they explain the status of their investigation.
"A 21-year-old man was arrested this morning (15/12) in Bracknell on suspicion of unauthorised access to computer to facilitate the commission of an offence, contrary to section 2 of the Computer Misuse Act 1990 and suspicion of causing a computer to perform function to secure/enable unauthorised access to a program/data, contrary to section 1 of the Computer Misuse Act 1990," the statement reads.
The release goes on to say that a number of "electronic devices" were seized by SEROCU's Cyber Crime Unit, though the exact nature of these devices is currently unknown.
This development marks the first arrest in last month's VTech breach, an incident which exposed the personal information of approximately 6.4 million children and 5 million adults worldwide. Security journalist Thomas Fox-Brewster writes for Forbes that the company was compromised by an SQL injection, the same method of attack that is believed to have compromised UK telecommunications provider TalkTalk back in October. Ultimately, the attack against VTech successfully breached the Learning Lodge database, which stores customers' names, IP addresses, dates of birth, gender, and other personal information. No financial information was stored in the compromised database, reports the BBC. Craig Jones, head of the Cyber Crime Unit at SEROCU, had this to say about the arrest:
“Cybercriminality is affecting more and more businesses around the world and we continue to work with our partners to thoroughly investigate often very complex cases. We are still at the early stages of the investigation and there is still much work to be done. We will continue to work closely with our partners to identify those who commit offences and hold them to account. We are pursuing cybercriminals using the latest technology and working with businesses and academia to further develop specialist investigative capabilities to protect and reduce the risk to the public. Cybercrime is an issue which has no boundaries and affects people on a local, regional and global level.”
The VTech breach has raised a number of questions about child safety and public disclosure. To read one expert's perspective on these issues, please click here.