VTech toy maker breached
VTech Kidizoom Smartwatches are seen on display at a toy store in Hong Kong, Nov. 30, 2015. Reuters/Tyrone Siu

Chinese toy manufacturer VTech announced it will work with Hong Kong data regulators after hackers accessed information belonging to 6.4 million children. That’s a big update after the Hong Kong-based company previously said that attackers accessed data on approximately 5 million adults and only 200,000 kids.

A statement posted on VTech’s website Tuesday makes it clear that the 6.4 million children affected in the data breach discovered on Nov. 24 far exceeds the 4.9 million parents. Hackers accessed information including children’s names, gender and birthdates, the company said, though Vice Motherboard also reported that pictures and chat logs were also left exposed. Initial reports suggest it's the fourth-largest consumer data breach ever, with families across the world potentially impacted.

“I’ve never seen a hack that affected children as much as this one,” Chris Wysopal, co-founder of the cybersecurity company Veracode, told Reuters Tuesday. “This is sort of the Ashley Madison for children. People unwittingly trusting their personal information in a company that wasn’t equipped to handle it.”

Customers with the most data affected live in the United States, with France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands also affected in that order.

VTech is an international children’s toy maker that supplies young families around the world with connected learning technology. Hackers gained access to VTech’s Learning Lodge, an online portal where users register for accounts and download apps and e-books.

Hong Kong’s Office of the Privacy Commissioner for Personal Data also announced Tuesday it will conduct a “compliance check” to examine whether VTech did enough to protect user data before the data breach. Punishment for noncompliance can include fines in the thousands of dollars.

“VTech indicated that they would notify the PCPD formally about this data leakage incident which involved data of 5 million customer accounts and related kids’ profiles worldwide,” Stephen Wong, privacy commissioner at the PCPD, said in a statement Tuesday.