Cyber gang escalate ransom demand, leak more data from nursery chain

In an aggressive and “deeply distressing” attack, a hacker group calling itself Radiant has published the private data of children and their families from the Kido nursery chain on the dark web, as part of an ongoing ransomware demand.

The cybercriminals have further escalated their campaign by directly contacting parents, attempting to leverage emotional distress to pressure the nursery group into paying a ransom.

The massive breach is understood to involve the details of approximately 8,000 children across Kido’s 18 UK sites in London and Windsor, as well as its nurseries in the US, India, and China. The deliberately leaked information is highly sensitive, including children’s images, full names, addresses, dates of birth, and contact details of parents and carers.

A sample of ten children’s profiles was posted on the dark web, a part of the internet only accessible with specialist software, with the hackers threatening to release a further 30 child profiles and 100 employee records if their demands are not met.

The most barbaric element of the attack is the direct contact with the victims. Parents have told of receiving “threatening” phone calls from the fluent English-speaking criminals, who instructed them to put pressure on Kido to meet the ransom payment.

This tactic, though rare, signals the callousness and potential desperation of the criminals, as law enforcement advises organisations never to pay ransoms to avoid funding the cybercrime ecosystem.

The National Cyber Security Centre (NCSC) condemned the incident, with a director calling the targeting of those who look after children a “particularly egregious act.”

The Metropolitan Police’s Cyber Crime Unit is now investigating the ransomware attack, which Kido told parents occurred after criminals accessed their data hosted on a software service called Famly.

Famly, which is widely used by other childcare organisations, confirmed that a thorough investigation found no breach of its own security or infrastructure, placing the access point at Kido’s end.

With Kido not yet responding to requests for comment, parents are left in a state of high alarm, having to grapple with the reality of their children’s data being exposed and monetised by “scumbags,” as one sympathetic parent described the perpetrators.

The hackers, who told the BBC they “do it for money,” have since deleted their contact channels, leaving the ongoing threat hanging over the thousands of affected families.