VTech, a company dedicated to making technology and educational toys aimed at young children, revealed that it was recently compromised by hackers. According to a report from the BBC, the attack occurred on November 14 and exposed sensitive information of up to five million VTech accounts.

According to VTech, the attack exposed “general user profile information.” That includes things such as names, email addresses, encrypted passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories. A compromise of this sort of personally identifiable information (PII) is a problem for users of any age, but it’s particularly concerning that children who haven’t yet entered kindergarten already have their data hacked.

It also represents a greater risk of identity theft. Identity theft and credit fraud of adults often raise red flags that allow victims to detect it. The victims in this case, however, won’t even be thinking about applying for credit or setting up a bank account for years—possibly a decade or more. By the time they try to open a line of credit they may discover that their credit score has been destroyed long ago by identity thieves.

“Hardly a day passes now without a breach of some sort, and it makes those of us embedded in the security and data protection world wonder when organizations will demonstrate a sense of urgency,” proclaimed David Gibson, VP of strategy and market development at Varonis.

Gibson stressed that most organizations and individuals are still struggling to get the basics of security and data protection right, and there is still too much focus on keeping the bad guys “outside” the network through perimeter defenses. “Instead of pouring all of your energy into building a very high, very strong fence, spend more time making sure that once someone is inside, their activities will be observed and controlled. Just because you have a great lock on your front door doesn’t mean that cameras and motion sensors aren’t also a good idea. Similarly, monitoring user access and analyzing it properly will help organizations identify attackers on their network and hopefully mitigate any damage.”

Mark Bower, global director at HPE Security, pointed out that a breach like this that compromises PII of children who don’t even know what PII is also exposes weaknesses in programs and regulations intended to protect children online. Regulations like COPPA (Children’s Online Privacy Protection Act) mandate rules for how companies can collect or use data from children, and programs like KidSAFE (which VTech participates in) implement controls designed to protect children. Bower notes that, unfortunately, such regulations do little to guard against what happens to the data that is collected when a breach occurs.

Bower declared, “This breach shows how little the perimeter security controls offered by KidSAFE do in protecting the child’s data from breach risk. If the data itself is not secured, it is at risk of theft irrespective of access controls and firewalls. Breach after breach proves this beyond any doubt.”

We don’t yet have all of the details and there will most likely be more news as the dust settles. Gavin Reid, VP of threat intelligence for Lancope, summed things up pretty well, though. “It is terrible even thinking that these children have had their data exposed before they even know what it is. This is the new world order in privacy, where you should expect anything handed over to organizations to be exposed at some point.”