Man held in UK in VTech hacking probe Published duration 15 December 2015

image copyright Getty Images image caption VTech's app database for its connected toys was hit in the attack

A 21-year-old man has been arrested in Berkshire by police investigating the hacking of electronic toy maker VTech.

The man has been held on suspicion of "unauthorised access" to a computer, said the South East Regional Organised Crime Unit (Serocu) in a statement.

VTech was hit in mid-November when servers holding its customer information were breached.

In total, details of more than six million people are believed to have gone astray.

Data deluge

"We are still at the early stages of the investigation and there is still much work to be done," said Craig Jones, head of the cyber crime unit at Serocu.

"Cybercrime is an issue which has no boundaries and affects people on a local, regional and global level."

In the attack, servers used to support VTech's Learning Lodge app were compromised. The software lets registered customers download extra content such as games and e-books to their handheld devices.

VTech firm sells a wide range of electronic products ranging from toy cars and interactive garages to cameras, games, e-books and tablets.

The Learning Lodge database logged names, email addresses, encrypted passwords, IP (internet protocol) numbers and other personal data. Some of the information was about children including names, dates of birth and gender.

No credit card data was stored in the compromised database.

Details on customers from all over world, including the US, UK, France and China, were taken.

Some of the data is believed to have been posted briefly online before being removed.

When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.

VTech is just one of a growing roster of firms that have suffered data breaches in recent months. Pub chain Wetherspoons and telecommunications firm TalkTalk both recently lost data in attacks.