VTech said on Thursday that its server was breached. YouTube/Vtech Nobody is safe from hackers, not even children.

The Chinese toy and gadget maker VTech said on Thursday that its customer database, which contains personal information about parents and their children, was breached.

While the company didn’t disclose the exact number of affected customers in its statement, it’s possible that as many as five million parents and 200,000 children had their personal information exposed, according to Motherboard, who first reported the story.

VTech—which makes children’s tablets, wearables, and other gadgets— said in a statement that the breach affected its customer database that stores the name, email, address, encrypted passwords, download history, mailing address, IP address, and secret question and answer for password retrieval.

No credit card information was compromised, the company said.

Because the company makes children’s electronics, it requires parents to make an account for their children so that they can do things like download books or games.

According to Motherboard, exposed data affecting children only included their first name, birthday, and gender. However, using the exposed parent data, it’s possible to link a child to their parent and find out their home address.

The breach occurred November 14, but the company was unaware of it until Motherboard reached out to VTech for comment.

“Upon discovering the unauthorized access we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks,” the company said in a statement.

Motherboard was notified about the breach by the hacker, who shared the stolen files with Motherboard. The hacker told Motherboard that he has no plans to use the data.

Tech Insider reached out to VTech for comment and will update when we hear back.