Among the questions that remain unanswered about last month’s gigantic hack on the Chinese toymaker VTech are: Who was responsible? How long until the company’s websites are back up and running? And how much will the attack cost?
Allan Wong, chairman and CEO of the company, told the Wall Street Journal that it is still too early to tell. He added that, in spite of the holiday season, it might be weeks before VTech’s education websites are back online.
“Certainly there is financial impact to us in this whole incident by not having the service online before Christmas, but our top priority is on getting the data secured,” he told the Journal.
Wong and his team learned about the leak on Nov. 24 and spent the next few days assessing the damage. They alerted customers on Nov. 27, and two days following that they discontinued the company’s online products, which includes a suite of educational tools and learning games.
The company has said the data breach exposed the personal information—including names, addresses, photos, and chat logs—of more than 10 million people, consisting of 6.4 million children and 4.9 million adults.
On Dec. 3, the company said it hired Mandiant, the forensics arm of the U.S. cybersecurity firm FireEye (FEYE), to investigate the breach, according to Reuters.
“We know there are certain security aspects we can further improve in our system,” he told the Journal, mentioning beefing up the company’s encryption techniques.
Follow Robert Hackett on Twitter at @rhhackett. Read his cybersecurity, technology, and business coverage here. And subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology, where he writes a weekly column.
For more about high tech toys, watch the video below: