The Hong Kong-based company disclosed the breach of a customer database late last week, but didn't say until Monday how many people could be affected.
The news comes just as the holiday shopping season is kicking into gear and kid's smartwatches and tablets made by companies such as VTech are expected to be high on children's wish lists. VTech's Kidizoom Smartwatch is predicted to be a top seller this holiday season, while its InnoTab tablets have been popular in the past.
Compromised information in the VTech breach includes the names, birthdates and genders of child users. It also includes adult user information including names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories.
The affected database doesn't contain any credit card numbers, or personally identification information such as Social Security or driver's license numbers, VTech says. Through a spokeswoman, VTech declined comment beyond the company statement.
Customers from the US and 15 other countries are affected.
The hacking serves as a reminder to parents to be careful about what kinds of information about their children they enter into on Internet-connected devices. While devices like kid-friendly smartwatches and tablets may block a child's access to the bulk of the Internet, they're still a potential target for hackers.
The breach took place on Nov. 14 and was discovered 10 days later. It involved customer data stored on the company's Learning Lodge app store database. Customers use Learning Lodge to download apps, games, e-books and other content to VTech products.
VTech Holdings Ltd. says it has contacted all of the affected users by email and has temporarily suspended its Learning Lodge website and some others as a precaution. It is investigating the breach and says it has taken steps to prevent another one from happening.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.