Parents alerted to NurseryCam security breach

Leo Kelion - Technology desk editor

A webcam system that lets parents drop in and watch their children while at nursery school has written to families to tell them of a data breach.

NurseryCam said it did not believe the incident had involved any youngsters or staff being watched without their permission, but had shut down its server as a precautionary measure.

The Guildford-based company told the BBC its service was used by about 40 nurseries across the UK.

It said it had also notified the ICO.

Under UK rules, the Information Commissioner's Office must be told within 24 hours of a breach that has "significant impact".

NurseryCam said it first became aware of the incident shortly after 17:00 GMT on Friday.

It added the service would remain suspended until a security fix was in place.

Logins exposed

The firm said that a "loophole" in its systems had been used to obtain data from parents' viewing accounts including:

  • usernames

  • passwords

  • names

  • email addresses

"The person who identified the loophole has so far acted responsibly," said NurseryCam's director Dr Melissa Kao.

"He stated he has no intention to use this to do any harm [and] wants to see NurseryCam raise the overall standards of our security measures."

Public apology

The company had earlier been involved in a public spat with a cyber-security consultant who had claimed to have found problems in its systems, which the company had played down.

The consultant, Andrew Tierney, told the BBC he had also been contacted by the hacker, who had passed on a redacted copy of the stolen data.

Mr Tierney said he had made follow-up checks with some of the parents involved to check the details were real, and had contacted NurseryCam to offer his help.

"I don't know who this guy is," he said.

"But what I've done is send NurseryCam the weak points in its system that I had spotted over the last couple of weeks."

He added that ex-users of the system had not been included on the list he had seen.

Ms Kao told the BBC she did not believe the breach had been related to the previous alleged flaws that Mr Tierney had sought to bring to her attention.

"NurseryCam sincerely apologises to all our parent users and nurseries for the incident. We are very sorry," she added.