vTech breach – Fraud.org

/in /by

vtech-crop.jpg

A massive November 2015 breach at toymaker VTech raised major concerns about the level of data security at providers of the new generation of connected toys.

Announced on: November 30, 2015

Description of breach: In mid-November, an unauthorized party accessed VTech customer data housed in its Learning Lodge app store database. Learning Lodge is a place where customers download apps, learning games, e-books, and other educational content for their VTech products.

Information exposed: Hackers retrieved adults’ profile information, including names, email addresses and passwords. They also obtained secret questions and answers for password retrieval, I.P. addresses, mailing addresses, and download histories. (More from New York Times.) The compromised database also contained the names, gender and birth dates of children.

Affected customers: The major breach exposed personal data for 12 million people, including 6.4 million minors.

Official information from vTech: https://www.vtech.com/en/press_release/2015/data-breach-on-vtech-learning-lodge-update/

December 2015 update: Man arrested in vTech hacking attack (SC Magazine UK) 

Hilton breach – Fraud.org

/in /by

hilton_crop.jpg

Hotel giant Hilton Worldwide (operator of Hilton Hotels, Doubletree, Embassy Suites, Waldorf Astoria, and others) was the latest in a series of hotel breaches including Starwood Hotels, Trump Hotel Collection, Mandarin Oriental, and White Lodging.

Announced on: November 24, 2015

Description of breach: According to the chain, malware may have been present on some point-of-sale systems over a 17-week period, from November 18 to December 5, 2014 or April 21 to July 27, 2015.

Information exposed: It’s unclear at this time how many payment cards were affected, but official word from the company is that the compromised PII includes “cardholder names, payment card numbers, security codes and expiration dates, but no addresses, personal identification numbers (PINs), or Hilton HHonors account information.” (Hilton)

Affected customers: Unknown

Official information from Hilton: https://news.hiltonworldwide.com/index.cfm/misc/guestupdate/hilton-worldwide-guest-update 

Help for victims: Hilton is offering one year of free credit monitoring through AllClear. You may sign up online at hiltonworldwide.allclearid.com or by phone by calling 1-855-270-9191 (U.S. & Canada) and +1 512-201-2188 (outside U.S. & Canada).

More coverage of the breach: KrebsOnSecurity 

Experian breach of T-Mobile customer data – Fraud.org

/in /by

tmboile_medium_crop.jpg

The credit monitoring firm Experian suffered a major breach in fall 2015 when hackers were able to steal the personal information of 15 million consumers who had applied for T-Mobile wireless service.

Announced on: September 15, 2015

Description of breach: An unauthorized party accessed T-Mobile (the wireless service provider) customer data that is housed in an Experian (the credit monitoring firm) server.

Information exposed: Experian’s consumer credit database was not assessed in this incident, and no payment card or banking information was obtained. However, records containing a name, address, Social Security number, date of birth, identification number (typically a driver’s license, military ID, or passport number) and additional information used in T-Mobile’s own credit assessment were accessed. No payment card or banking information was obtained.

Affected customers: Estimated 15 million, including some current T-Mobile customers as well as consumers who applied for T-Mobile USA postpaid services or device financing, which required a credit check, from Sept. 1, 2013 through Sept. 16, 2015

Official information from T-Mobile: https://www.t-mobile.com/landing/experian-data-breach-faq.html

Help for victims: Experian offered complimentary identity resolution services to affected customers.

More coverage of the breach: Reuters 

NCL’s Programs

NCL-logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.