Police in the UK have arrested a 21-year-old man as part of the investigation into the hacking of toy- and tablet-maker VTech Holdings.

As a result of the data breach sensitive information on 6.4 million children was leaked. Hacking experts believe that the attack constitutes the largest theft of personal information targeting kids, writes Eric Auchard for Reuters.

British Man Arrested Over VTech Data Hack

Electronic items seized from address in tech hub Bracknell

According to a statement from the South East Regional Organised Crime cyber unit, a man from Bracknell was arrested on suspicion of unauthorized access to computers and data. Bracknell is a town to the west of London which has become home to a number of tech firms.

“We are still at the early stages of the investigation and there is still much work to be done,” said Craig Jones, head of the regional cyber crime unit. The police statement revealed that a number of electronic devices were seized by the police.

Hong Kong-based firm VTech revealed the huge data breach in early December, before detailing that it affected 6.4 million children and 4.9 million adults. Almost 50% of those affected by the hack are residents of Europe.

Regulators ask VTech for explanations for child data collection

The data that was compromised was stored on the company’s Learning Lodge app store database, and includes names, email addresses and download histories. The app lets users download software, learning games, e-books and other content to their VTech devices.

VTech did however specify that the database does not contain customer credit card information.

A number of authorities are investigating the breach, including regulators from Hong Kong, several U.S. states and the UK’s Information Commissioner’s Office. In the U.S., lawmakers have grilled VTech on the reasons why it collects data on children. The company has also been asked to explain the security procedures that it follows to keep that information safe.

The hacker apparently breached VTech’s systems using a decades-old hacking technique called an SQL injection. The method suggests that security on the VTech database was poor.The arrest was the latest in a string of high-profile police actions against suspected hackers in Britain, including five arrests made after the hacking of British broadband provider TalkTalk.