The U.K.’s South East Regional Organized Crime Unit (SEROCU) have announced the arrest of a 21-year-old man in connection with the recent data breach at VTech, which exposed more than 5 million customers’ personal information.
The unidentified man was arrested in Bracknell, England on the morning of December 15, 2015, on suspicion of unauthorized access to computer to facilitate the commission of an offense, and on suspicion of causing a computer to perform function to secure/enable unauthorized access to a program/data.
Several “electronic items” were also seized, according to a statement.
“Cyber criminality is affecting more and more business around the world and we continue to work with our partners to thoroughly investigate, often very complex cases,” Craig Jones, head of SEROCU’s cybercrime unit, said in a statement. “We are still at the early stages of the investigation and there is still much work to be done.”
“We will continue to work closely with our partners to identify those who commit offences and hold them to account,” Jones added. “We are pursuing cyber criminals using the latest technology and working with businesses and academia to further develop specialist investigative capabilities to protect and reduce the risk to the public.”
It’s not clear at this point whether the man arrested was the same person who told a journalist at Motherboard about the breach. “It was pretty easy to dump, so someone with darker motives could easily get it,” the hacker said.
Bastille Networks CTO and founder Chris Rouland told eSecurity Planet that while the arrest is good news, it points to a troubling trend that will likely continue — the rise in vulnerabilities affecting Internet of Things (IoT) companies and their customers. “This not only includes traditional network vulnerabilities, but also security vulnerabilities in the devices they sell to their customers,” he said.
“With no true IoT security regulations mandated, consumers are at the mercy of manufacturers and their chosen third party vendors and have to trust that these companies are doing everything in their power to keep their customers safe,” Rouland added. “As the VTech breach reveals, the IoT is going to result in massive amounts of personal data being collected, which will naturally make these products attractive to hackers.”