As we reported recently, the Kido nursery chain recently became the target of a devastating cyberattack carried out by the hacker group known as Radiant. The group infiltrated the systems of the childcare provider and accessed highly sensitive information belonging to around 8,000 children and their families across 18 sites. The stolen material included children’s names, photos, addresses, safeguarding notes, parent details, and information on more than 100 employees. Some of these profiles were leaked on the dark web as part of a ransom attempt, with Radiant threatening to release up to 30 records per child unless a payment—reportedly in the range of $500,000—was made. In a disturbing escalation, parents were even contacted directly by phone with threats, heightening the sense of fear and urgency.
How Hackers Gained Access
Investigators revealed that the attackers gained entry by purchasing compromised staff credentials from another hacker. This access enabled them to exploit an online childcare management platform used by the nursery. While the provider of the platform, Famly, confirmed its own systems were not breached, the use of stolen login credentials allowed Radiant to harvest vast amounts of sensitive data. This underscores the growing risks posed by credential theft and the secondary sale of compromised accounts on underground markets.
Public Outcry and Backlash
The attack immediately drew outrage from parents, authorities, and even figures within the wider cybercriminal underground. While ransomware gangs often target businesses and government entities, the decision to focus on children was condemned as crossing an ethical line. The backlash proved overwhelming, with both public and private criticism aimed at Radiant for their actions.
Hackers Reverse Course
In an unusual turn of events, Radiant appeared to retreat under the pressure. Initially, the group blurred the leaked images, before eventually removing the data altogether from dark web channels. In a public statement, they claimed to have permanently deleted all stolen files and issued an apology, framing the decision as an attempt to ease parents’ fears. Experts, however, remain cautious, warning that assurances from cybercriminals cannot be fully trusted. Despite the claims, the possibility of hidden backups cannot be ruled out.
Financial Loss for the Attackers
Importantly, the ransom demand was never paid. With the hackers abandoning their extortion attempt and deleting the data, it is believed Radiant may have suffered a financial loss. Purchasing the stolen staff credentials likely represented a significant upfront cost, meaning the group ultimately gained nothing from the operation. Cybersecurity analysts suggest the decision to retreat was driven less by morality and more by the sheer volume of negative attention and heightened scrutiny the attack generated.
Lessons from the Kido Nursery Breach
The Kido nursery incident serves as a stark reminder of the importance of safeguarding sensitive data in the childcare and education sectors. It highlights the risks posed by compromised credentials, the growing sophistication of extortion tactics, and the unpredictable behavior of threat actors when faced with public backlash. While the apparent deletion of the data has brought some relief to parents, experts continue to stress caution, emphasizing that once stolen, information can never be guaranteed as truly erased.
0 Comments