Hello Kitty — you know, that lifeless-yet-expressive, haunting kitten-likeness toy — had its online databases breached, hacked, and released into the wild. (One could say that all of Sanrio’s supposedly private user information went feral.)

The information included just about everything, from users’ full names and encrypted passwords to their birthdates and password reset information. The leaked passwords were encrypted with SHA-1 hashing, which means that they, too, are hackable. The hack’s range extended across the following websites: hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com.

This is especially awkward because a majority of Hello Kitty’s clientele comprises children and teens. And because there are 3.3 million users in the database. It’s one level of uncomfortable if you’re an adult whose Ashley Madison account got exposed. It’s another level if your child’s personal information is leaked online and immortalized.

Sanrio’s response, reported over at Wired, is verifiable legalese nonsense: “The alleged security breach of the SanrioTown site is currently under investigation. Information will be made available once confirmed.”

It’s a grown-up version of a child’s embarrassed admission of guilt while deftly attempting to sidestep the blame.

Photos via Edwige (Flickr)