The man could be charged with violating the Computer Misuse Act of 1990, even though there is no evidence that the man sold the data after taking it.
VTech, the Chinese company that builds educational toys for kids, was easily breached with an SQL injection, with profiles on 6.4 million kids (including gender and birth dates) exposed in addition to details from 5 million parent's accounts, all of which included full addresses, secret questions/answers,passwords, IP addresses and links to their kid's profiles.
Most of those affected are located in the U.S., France, UK and Germany and all have been notified.
Source:
Cnet
Written by: Andre Yoskowitz @ 15 Dec 2015 21:28