A shocking cyberattack has targeted the Kido nursery chain, with hackers claiming the name Radiant reportedly stealing sensitive personal data of approximately 8,000 children and their families. The breach, confirmed to involve names, photographs, addresses, details of parents and carers, and safeguarding notes, marks one of the most brazen attacks against childcare providers in recent years. Some of this stolen data has already been partially published on the dark net, with at least ten children’s profiles made publicly available. The attackers have posted a “Data Leakage Roadmap” on their site, threatening to release an additional 30 profiles per child and private details of 100 employees unless a ransom is paid.
Scope and Scale of the Attack
Kido operates 18 nursery sites across London, with additional locations in the United States, India, and China. The attack is reported to have compromised data relating to roughly 8,000 children and potentially affected their families. Investigations so far point to Famly, a widely used childcare management software platform with over one million users worldwide, as the entry point for the breach. There is currently no evidence that other Famly customers have been impacted. The incident represents a large-scale breach of trust for a vulnerable sector, with far-reaching implications for data security in early childhood care.
Hacker Tactics and Demands
The Radiant group employed unusually aggressive tactics, contacting parents directly via phone calls to warn them their children’s information would be published unless the ransom was paid. Parents described some of these calls as “threatening.” The hackers openly admitted that their sole motive was financial, stating, “We do it for money, not for anything other than money… This isn’t my first time and will not be my last time.” They also claimed they would avoid targeting pre-schools in the future, citing the intense attention such attacks generate. Interestingly, Radiant revealed they hired individuals to make these calls and communicated in fluent English, although English is not their first language.
Official Responses and Investigations
Kido has not publicly confirmed all the hackers’ claims but has informed parents about the breach and reassured them they are addressing the situation, confirming the breach occurred via Famly. The nursery chain is working with authorities to contain the incident and mitigate harm. The Metropolitan Police received a referral on September 25 concerning a ransomware attack on a London-based organisation. Investigations are still in the early stages, and no arrests have been made. The Information Commissioner’s Office (ICO) has been informed and is currently assessing the incident. Independent cyber intelligence firms have confirmed the hackers’ claims of stolen data, adding credibility to the reported breach.
Parent Reactions and Concerns
Parents were informed swiftly via email from Kido, but concerns remain high. Many parents have expressed deep anxiety over the exposure of private information, with distress amplified by the direct contact from hackers. Some parents voiced sympathy for nursery staff, urging that frustration should be directed toward the attackers rather than the nursery itself. Others described receiving “threatening” phone calls and expressed alarm over the potential of sensitive children’s data being published online. The breach has shaken trust between parents and childcare providers and highlighted vulnerabilities in data protection systems.
Expert Analysis of the Attack
Cybersecurity experts have condemned the attack as one of the most reprehensible of recent years. Graeme Stewart of Check Point Software described it as a “new low” and an “appalling attack,” calling the targeting of children’s data “indefensible” and a sign of a “lack of ethics and morals.” Toby Lewis from Darktrace highlighted that while ransomware attacks are not new, the boldness of this attack is unusual. He pointed out that the attack appears to be purely financially motivated, designed to pressure parents into paying a ransom. Such targeting of children sets a dangerous precedent and underscores an urgent need for stronger cybersecurity measures in the childcare sector.
Wider Context: Rising Cybercrime Threats
This incident reflects a disturbing trend in cybercrime that has been taking shape in recent years. Cybercriminals have increasingly targeted vulnerable organisations, from hospitals to even law enforcement, indiscriminately seeking sensitive data. The Kido attack marks one of the most brazen examples yet, with attackers accessing private details of children, including home addresses — information that could pose serious risks if exploited. UK police have consistently advised organisations and families never to pay ransoms, warning that it fuels further cybercrime. Families and organisations alike are urged to remain vigilant, recognising the growing dangers of direct hacker contact and potential data leaks.
This unprecedented attack is a stark warning of the evolving threat landscape and the urgent need for robust cybersecurity protections, in every sector, especially ones entrusted with safeguarding sensitive private data and especially children.
0 Comments