The Metropolitan Police have arrested two 17-year-old boys in connection with a ransomware attack on Kido, a chain of nurseries in London. The arrests occurred on October 7, 2025, at residential addresses in Bishop’s Stortford, Hertfordshire. The suspects are being investigated on suspicion of computer misuse and blackmail following a referral from the Action Fraud reporting service on September 25. The rapid sequence of events—from the initial breach to public exposure and arrests within roughly two weeks—marks an unusually swift progression for a case involving sensitive data of minors.
Details of the Kido Ransomware Attack
The cyberattack, carried out by a group known as Radiant, targeted Kido through Famly, a third-party childcare software platform. The breach affected approximately 8,000 children’s records, including names, addresses, photographs, parental contact details, billing information, and confidential medical and safeguarding records. The attackers initially demanded a ransom of around £600,000 in Bitcoin and attempted to pressure the nursery chain by posting limited images and profiles of children online and contacting parents directly.
Following public attention and condemnation, the group blurred the posted images and claimed to have deleted all stolen files by October 2, 2025. While the full extent of data exposure remains uncertain, the sequence highlights both the rapid escalation of the attack and the unusually quick deletion of sensitive records by the perpetrators.
Arrests and Investigation
The two teenagers were detained at their homes in Bishop’s Stortford and remain in custody for questioning. The arrests were part of an ongoing investigation by the Metropolitan Police Cyber Crime Unit. Initially, authorities had reported the arrest of a 22-year-old, but this was later corrected to both suspects being 17.
The investigation is also exploring potential connections between the suspects and other reported cyberattacks, including a hospital in Minnesota, United States, and Magna Foodservice, a UK distribution company. The arrests highlight the unusual circumstances of the case, involving minors accused of high-profile cybercrime and the swift law enforcement response following the public exposure of sensitive data.
Broader Implications
The Kido ransomware incident underscores the vulnerabilities of organizations that handle sensitive information, particularly in education and childcare. Many institutions rely on third-party platforms and have limited cybersecurity resources, making them potential targets for ransomware attacks. The breach demonstrates how quickly personal data can be exposed and the potential cascading consequences when centralized systems are compromised.
The case also illustrates the growing need for strong security measures, including encryption, routine audits, and crisis response planning. The rapid arrests emphasize the urgency of addressing cybercrime involving vulnerable populations and highlight the broader risks associated with digital data management in education and childcare sectors.
0 Comments