Electronic toymaker VTech was hacked last week, exposing the personal information of around 5 million customers.
While no credit card numbers were stolen, hackers did get access to profile information like names, email addresses, passwords, mailing addresses and IP addresses. The hacked database also included information related to children, including names, genders and birth dates.
VTech did not disclose how many of the 5 million accounts contained children's personal information.
Someone claiming to be the hacker told Vice.com's Motherboard website that he or she also obtained photos and chat logs from VTech's Kid Connect messaging service.
The security breach happened on Nov. 14, according to the company, and was discovered 10 days later. Hackers gained access to VTech's Learning Lodge website, where parents can download apps, e-books and other materials for their toys.
"It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website," the company wrote in a press release issued on Monday.
After learning of the breach, VTech "immediately conducted a thorough investigation" and contacted the affected customers via email.
The fact that credit card information wasn't stolen doesn't comfort Jeff Hill, channel marketing manager at security firm STEALTHbits.
"A stolen credit card can be cancelled," Hill said in a statement. "Personal information, however, like a child’s name, birthday, and home mailing address can be used by clever and patient cyber-criminals to compromise personal information over time using highly-targeted phishing attacks that leverage the initially stolen information."
Attorneys general in Connecticut and Illinois said that they would probe the breaches, Reuters reported.