Officers from the South East Regional Organized Crime Unit (SEROCU) apprehended the individual in Bracknell, Berkshire, on suspicion of unauthorized access to computer(s) to facilitate the commission of an offense and suspicion of causing a computer to perform unauthorized access to data - both part of the Computer Misuse Act 1990.
Authorities seized multiple electronic items for examination by the agency's forensics unit.
Craig Jones, Head of the Cyber Crime Unit at SEROCU, cautioned that they're still in the early stages of the investigation and there's a lot of work to be done.
News of the security breach was first reported late last month. In a series of interviews with Motherboard, the alleged hacker said he used a known SQL injection technique to gain access to the company's web and database servers. VTech only became aware of the breach after a journalist asked about the incident.
Data including names, e-mail addresses, passwords, mailing addresses and IP addresses belonging to more than six million people was compromised (no payment card information was accessed). The alleged attacker later revealed that he also made away with a large amount of photos and chat logs, many involving children.